A few years ago – two and a half thousand, to be precise – the Chinese general, writer and philosopher Sun Tzu wrote: ‘To know your enemy, you must..
When it comes to securing appropriate budgets for pen testing, the key thing is not cost, but value. Yet there is sometimes an uncomfortable dichotomy between what people want..
If your business is a house, with all that you hold precious contained inside it, then a vulnerability assessment is the regular checking of doors and windows to ensure..
It’s easy to see why many people think cyber security is a mysterious Dark Art. After all, it has a language of its own, full of acronyms, jargon and..
A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..
In 2017 the Independent Schools’ Bursars Association (ISBA), which supports over 1,000 senior management staff in schools, stated that cyberattacks in schools can no longer be considered ‘isolated incidents’...
This article first appeared in the Q3 edition of Casino & Gaming International (CGi) and appears here with their kind permission. As the implications of the General Data..
If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..
If history teaches us one thing it is that there is no going back. It started with the First Industrial Revolution which used water and steam power to mechanise..
In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..
The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of foreign powers. While it is irresponsible to..
The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..
The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..
We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..
May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..
15:00 – 15:45 Thursday 8th March 2018 Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..
SRM is at the PCI London event in London on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..
By Andrew Linn, Principal Consultant The news this year has been full of high profile hacks on large organisations. These have included viral and ransomware attacks which have brought..
As Game of Thrones fans watch the unfolding drama in Westeros on their TV screens, corporations around the world are equally riveted by the now public battle for HBO’s..
‘Hi to all mankind’. Thus began the email sent to journalists by hackers who have reportedly stolen 1.5TB of files and videos from entertainment giant HBO. What has made..
By Kane Cutler In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters..
Penetration testing and vulnerability scanning are sometimes confused. After all, they sound as if they might do a similar job. But there are important differences. Also known as..
How a correctly-scoped penetration test will future-proof your organisation from real world cyber attacks. In the aftermath of Black Friday comes Grey Monday. The day of reckoning. Because although..
Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what..
One of the greatest misconceptions about cyber-crime is that you need to be a computer geek to be a cyber-criminal. The truth is the cyber-crime industry is starting to..
By Kane Cutler, PCI QSA, Tiger QSTM, CEH Although statistics show that skydiving is a relatively safe pastime, things do sometimes go wrong. Since 2004, 653 people have lost..