I have recently obtained two certifications in cloud computing, the CloudU Certificate and the Certificate of Cloud Security Knowledge (CCSK), and thought I’d share my thoughts on each. The CloudU (or Cloud University, to give it its full title) is developed and curated by NZ’s own Ben Kepes and is provided by Rackspace (a leading [...]
Compliant Does Not Equal Secure.
On 30 March, Global Payments Inc. announced that it had suffered a data breach that had led to the Track 2 (i.e., the primary account number, expiration date, service code, PIN and CVV number) data of approximately 1.5 million credit cards being “exported” from its North American payment processing system. There is still very [...]
Five pillars of Security
Like nearly all information security professionals, my training has taught me that there are three objectives of information security. The CIA triad: Confidentiality, Integrity and Availability. It’s been our mantra for a very long time that these are the three things that need to be achieved to obtain information security, but are they [...]
Changes to the NZISM in v1.01
In June the GCSB released version 1.01 of the New Zealand Information Security Manual. However, they have not published a list of changes from v1.0. I have analysed the differences between v1.0 and v1.01 and found that only two controls have been updated. There are a small number of minor corrections. The following provides a [...]
Do you Google yourself?
Whilst reading through the New Zealand Information Security Manual (NZISM) I came across this recommendation in section 9.4 Using the Internet within 9. Personnel security: “Posting personal information on the Web. System Classification(s): R, C, S, TS; Compliance: recommended. It is recommended that personnel undertake a Web search of themselves to determine what personal information [...]
