Category: Security

Is ISO 27001 worth it?

I took the Certified ISO 27001 Practitioner course last week, studying the requirements and principles of ISO/IEC 27001:2013, and the issues and challenges involved in implementing an information security management system. Achieving certification before doing the course helped me get more out of it, and gave me a better appreciation of just how effective this standard is, regardless of the size of your organisation.

Continue Reading

Is WordPress Secure?

Despite the fact that it runs over 25% of the ten million largest websites in the world, some IT professionals treat WordPress like something they just wiped off their shoe. Just in the last couple of months there have been two major security updates, and 100,000 WordPress sites were apparently hacked, so is it secure? Like most “Is product [x] secure?” questions, the answer is “It can be”; read on to find out how.

Continue Reading

Anatomy of a banking trojan outbreak

It started innocently enough: a member of staff opened an email from their personal email account with a subject line “Confirmation of payment”. Unbeknownst to the unfortunate recipient, the attachment contained malware from the Dyre banking trojan family (specifically Troj/Dyreza-FP). One week, 500 hours of staff time, and 128 infected systems later we’ve learnt a lot of lessons the hard way. Learn from our experience (we have).

Continue Reading

Is user security awareness training worth it?

Back in August 2013 I blogged about the importance of IT staff training, and I’d planned to follow up shortly after that with a post about end user training. Unfortunately the challenges of a new role took over, and it’s only now I’m returning to the topic, with a particular challenge in mind: increasing end user awareness of information security threats.

Continue Reading

Richard Bartlett gets secure

At Google I/O 2014 Google described the way most websites exchange data with their visitors as “insecure, untrustworthy, and trivially intercepted”. Harsh words. They then took it a step further and announced on the Google Webmaster blog that they were “starting to use HTTPS as a ranking signal”, at which point I decided to set up my blog to run entirely over HTTPS. It only costs £25 per year on my excellent hosting provider, Tsohost, but why would I bother, when I don’t process payment information?

Continue Reading