Skip to content

Cyber Security

A humble proposal: The InfoSec CIA triad should be expanded

This article was first published by Help Net Security and can be accessed on their website in International English spelling.

What if I told you that what you may have learned about protecting information and information systems is incomplete? Curious? Then read on.

The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents.

In this article, I will analyse the CIA triad, point out its deficiencies, and propose to standardize the terminology involved and expand it by introducing two additional elements.

Securing your Digital ShopFront is no different to a Physical one

Physical gate next to a keyboard

In this edition of the Cyber Insights blog, I want to cover the often-overlooked topic of business cybersecurity external posture, written mainly for business executives.

Over the past 12 months, I have had several discussions with business leaders and small startups about the image their organisations are portraying to potential attackers, usually cybercriminals seeking ransom money.

Fix Identity and Access Management

IAM Best Practices

This article also features in the Computer Weekly / TechTarget Cyber Security ThinkTank: https://www.computerweekly.com/opinion/In-the-cloud-effective-IAM-should-align-to-zero-trust-principles

The topic of “best practices in IAM” is complex due to the intricacies of Identity and Access Management (IAM) and the unique policies, processes, and procedures of each organisation. Therefore, a one-size-fits-all approach does not work.

Lessons from bank fraud featuring Revolut

"Innovate fast and fail faster!" is a mantra that many fintech companies are following. Some successfully, some not so much.

Take example of Revolut, who seem to top the UK charts for the most fraud complaints.

(source: https://www.bbc.co.uk/news/articles/cj6epzxdd77o )

alt text

Originally published on: https://www.linkedin.com/pulse/lessons-from-bank-fraud-featuring-revolut-vladimir-jirasek-xakqe/

Win back lost trust by working smarter!

In a typical enterprise, a division of responsibilities is codified: an IT team runs IT systems and a security team operates security systems. There might not be any risk of security systems affecting IT systems until the security tools are running on end-user devices, servers and as active elements in the network (Firewall admins will agree with me, they get lots of unwarranted grief from IT teams that “firewall is slowing things down”).

Today, I received the below text message saying that the payment for my EE bill did not go through which instantly triggered an anxiety emotion: “Why was the payment declined? Do I have enough money in my bank account?”.

Info Security Europe in London 2024 observations

Event-InfoSecEurope-2024

And it is official: Info Security Europe 20241 has drawn to its close. Having attended with low expectations following the 2023 event, I was positively surprised by the quality of the event, vendor stands, and associated event Cyber 100 Club. I already look forward to the InfoSec Europe 2025!

I would like to mention the people I met during the show: Raj Samani, Robert Rodger, Justin Coker, Francesco, Alfonso Eusebio, Stephen Khan, Nick Thomas, Rob Demain, Clive Room, Christiaan Beek, Shakeeb Niazi, John Quinn

PCI DSS 3.2 - Top 3 Issues

The Payment Card Industry Data Security Standard (PCI DSS) is a framework developed by the PCI Security Council, an organisation established by credit card scheme companies in collaboration with financial institutions, retailers, and professional service providers.

Security professionals have long advocated for stronger security measures, emphasising best practices. Now, there is a clear business case for adopting these well-established principles, and organisations must allocate budgets (CAPEX and OPEX) to implement and sustain compliance programmes. PCI DSS is here to stay and will likely introduce additional security controls in the future.