The Russian invasion of the Ukraine raises a few cybersecurity questions

Cybersecurity Impacts of the Recent Invasion

Primarily the story about the Russian invasion of the Ukraine is one of great human tragedy. Nothing I write here is supposed to take away from the fact that the main story is about the suffering of the Ukrainian people.

Even at the other end of the world here in Aotearoa New Zealand, however, there will be impacts, though they may just be echoes of the fury in Europe. It’s no secret that cyber attacks are part of Russian military strategy, nor that New Zealand organisations have been the victims of Russian cybercriminals. So what effects – if any – will the war in the Ukraine have on cyber security here?


The Grass Looks Greener from Here: Cyber Security Should Be Like Health and Safety

All the experts agree – cyber security should be an organisation-wide concern. And yet, in my experience, too many organisations, and too many people in those organisations, think that cyber security is solely the concern of (a) the security team, or (b) the IT/digital team. In case you need convincing, my favourite response is that if there is a cyber-attack (or incident) then it is not the IT team’s job that is at risk, but part of the organisation (if the HR system is compromised it is the HR team who won’t be able to work, not the IT or security teams). Who knows what the impact is of an attack? It’s not IT, that’s for sure. And who is best placed to balance off the needs of the organisation with the cyber risks? It’s not security: if you left it up to me, I’d turn everything off! That’s the only way to be sure (and I get no benefit from it being on, so…)



Top Talks at COSAC – Sydney, December 2018

Last week Michael Price, Ahmed ElAshmawy and Chris Blunt from Axenic were fortunate enough to make the trip across the Tasman to Sydney for the 2nd annual COSAC APAC Security Conference. All 3 had the chance to speak to the attendees and, without any bias, Michael shares his take on the Top Talk and some other notable mentions.


From Chaos to Conformance: 4 Context of the organisation

Information security is all about context!

In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.



From Chaos to Conformance: More ISO 27001 myths

Dispelling more common myths

Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that there are other common myths that I should dispel for those of you who are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).


Remember Your Security ABCs

...to help everyday people be safer online.

In the information security industry, we are provided with plenty of top-lists and guidance that help us identify information security threats and determine security controls to mitigate these threats.
