• Assets and how they relate to Risk Management Assets Last time we talked about the benefits of an ISMS. The cornerstones of an ISMS are knowing what your assets are and then conducting Risk Management processes based on the value of those assets versus the value of the control against a likelihood and consequence matrix. Firstly, what do we mean by some of these things? ... Read more about this post
  • ISMS. Tick box or powerful tool, your choice. ISMS – Information Security Management System, what’s it mean to you? Our people have consulted on ISMS development for some time. Recently we’ve had staff certified as PECB ISO\IEC 27001 lead implementers. For many, policy sounds pretty dry. Policy, Standards and Procedure is the stuff someone else usually does, or the stuff we’ve had for years ... Read more about this post
  • IoT – not just Smart TV’s and why you should care In the past few years, the rise of Internet connected “things” gave rise to a new term – the “Internet of Things” or IoT for short. While this is not a new idea – many will remember the “Internet Fridge” which appeared quite a silly concept in the 90’s, the emergence of a few use ... Read more about this post
  • Talking Passwords and Entropy This month we are talking passwords, Password strength is a measure of the effectiveness of a password in resisting guessing, brute force cracking, dictionary attacks or other common methods. Usually strength can be measured by how many trials an attacker who does not have direct access to the password would need, on average, to guess it ... Read more about this post
  • Education, your most powerful defence Anatomy of a social attack You may have seen the article recently where a Brisbane council was defrauded of significant amounts of money by scammers. While investigations are ongoing, this appears to be primarily a social engineering attack similar to several that we have provided advice on in South Australia over the last few months. Like the ... Read more about this post
  • Cryptolocker and the ASD top 4 and 35 Crypto “levels up” ┬áIn recent developments of Cryptolocker variants, the added element of “scareware” has been introduced. Trading on the success of the “Jigsaw” character in the horror genre of movies, users are extorted more money as minutes pass and even more if the machine is re-booted. This added element of social engineering the user is ... Read more about this post