Demystifying GDPR myths and grey areas

The General Data Protection Regulation (GDPR) has been the buzz word that is causing media hype and organisations across the globe. You can find myths and misconceptions around GDPR more than you can find factual information. This blog post will address some of the key myths that we have found.

Read More

BrickerBot kiss of death to IoT devices

Reports surfaced on the 12th of April of a botnet that attacks IoT running BusyBox and other Linux-based devices. The bot, which is believed to be active since the 20th of March 2017, exploits hard-coded passwords of devices with published SSH or telnet, as well as attempting to brute-force passwords of devices with non-default credentials. As the name suggest, BrickerBot bricks the devices and leaves them completely useless. This is done by executing a set of commands to delete storage, corrupt routing and others.

Read More


Rapid Reaction: Detecting or Reporting Information Security Incidents

This is the fourth article in a series that aim to help organisations build and maintain their information security incident management and response capability.

In the previous article I provided a bird’s eye view of the standard incident handling process. As noted previously, the incident handling process is triggered either by detecting or reporting security events. A number of security professionals believe that detecting an incident means looking for failure logs such as failed login, failed resource access etc.

Read More

Rapid Reaction: Incident handling process overview

This is the third article in a series that aims to help organisations build and maintain their information security incident management and response capability.

Before getting “into the weeds” of an incident handling process, it is useful to have a bird’s eye view of what it looks like. In this article I will provide you with an overview of the process and a brief description of each of the process steps. While incident handling is widely perceived to be a technical process, only some of its steps require technical knowledge. In reality, a lot of incidents do not require any technical knowledge to handle them. For example, incidents that relate to policy violations, physical security breaches, loss of computing devices, etc. Read More


Rapid Reaction: What is a security incident?

This is the second article in a series that aim to help organisations build and maintain their information security incident management and response capability.

In the previous article I introduced the issue of the general deficiency of effective incident management and response processes in many organisations. But what is a security incident? The short answer is: it depends! It is up to each organisation to define what kinds of events it determines to be a security incident.

Read More

Rapid Reaction: A Series on Incident Management and Response

This is the first in a series of articles that aim to help organisations build and maintain their information security incident management and response capability.

With the exception of a few organisations, it seems that the effort put into establishing an information security incident management and response capability is limited to developing a documented process. Most do the bare minimum required to tick the “has an incident response process” box, with little to no regard about how effective the process is. That’s why very few organisations actually detect information security (or cyber security if you prefer) incidents in a timely manner, and fewer still are able to handle and resolve them in an efficient and effect way to minimise the impact.
Read More