• Assets and how they relate to Risk Management
    Assets Last time we talked about the benefits of an ISMS. The cornerstones of an ISMS are knowing what your assets are and then conducting Risk Management processes based on the value of those assets versus the value of the control against a likelihood and consequence matrix. Firstly, what do we mean by some of these things? ...
  • ISMS. Tick box or powerful tool, your choice.
    ISMS – Information Security Management System, what’s it mean to you? Our people have consulted on ISMS development for some time. Recently we’ve had staff certified as PECB ISO/IEC 27001 lead implementers. For many, policy sounds pretty dry. Policy, Standards and Procedure is the stuff someone else usually does, or the stuff we’ve had for years ...
  • IoT – not just Smart TV’s and why you should care
    In the past few years, the rise of Internet connected “things” gave rise to a new term – the “Internet of Things” or IoT for short. While this is not a new idea – many will remember the “Internet Fridge”, which appeared quite a silly concept in the 90s – the emergence of a few use ...
  • Talking Passwords and Entropy
    This month we are talking passwords. Password strength is a measure of the effectiveness of a password in resisting guessing, brute force cracking, dictionary attacks or other common methods. Usually strength can be measured by how many trials an attacker who does not have direct access to the password would need, on average, to guess it ...
  • Education, your most powerful defence
    Anatomy of a social attack You may have seen the article recently where a Brisbane council was defrauded of significant amounts of money by scammers. While investigations are ongoing, this appears to be primarily a social engineering attack similar to several that we have provided advice on in South Australia over the last few months. Like the ...
  • Cryptolocker and the ASD top 4 and 35
    Crypto “levels up”  In recent developments of Cryptolocker variants, the added element of “scareware” has been introduced. Trading on the success of the “Jigsaw” character in the horror genre of movies, users are extorted more money as minutes pass and even more if the machine is re-booted. This added element of social engineering the user is ...