Blog-2-Anand

In the wake of the global Covid-19 pandemic, businesses worldwide were forced to confront unprecedented challenges. Organisations had to rapidly adapt to remote work models, ensure data security in a distributed environment and maintain operational continuity amidst a rapidly changing landscape. In this new era, digital resilience has emerged as the foundation of effective business…

  In today’s digital landscape, protecting sensitive information and safeguarding against cyber threats has become a top priority for organisations. Two concepts that often come up in this context are cyber resilience and cyber security. While related, there are distinct differences between the two disciplines and also to business continuity planning. This post outlines the…

The following is a summary of the status updates and actions in preparing for the Recovery Phase and addressing new risks which have been identified since the COVID-19 Pandemic outbreak.  We have now entered into the Business Recovery Phase, which is estimated could now last until the end of the 2020 calendar year, and businesses need to know how to prepare…

More moving parts mean more chance of failure. Replace “moving parts” by “comatose IT servers” and the adage still holds true. You may be tempted to reply that 1) there aren’t many of this kind of server anyway, and that 2) comatose servers may not be doing any good, but as such they are not…

Most businesses experience change constantly. Markets, technologies, regulations and strategies all evolve. Enterprises that stand still get left behind and disappear, one way or another. While we have business continuity theories, principles and tools galore, it’s worth revisiting one of the most fundamental concepts from time to time – that of Darwin’s idea of evolution,…

It may sound strange to talk about “touchy-feely” stuff like user experience in the context of IT disaster recovery. After all, the priority is on getting systems up and running again within recovery time and recovery point objectives, rather than sitting around in focus groups discussing feelings and opinions. The only UX that many IT…

Few activities and operations are truly set it and forget it. Lights-out factories like the showcase installation run by technology company Siemens are proof of concept, but still the exception. Business continuity in most cases requires periodic adjustment because environments and conditions are constantly changing. However, here’s a thought that could change that. The idea…

Do more with less. Who hasn’t already heard that in business? And just because something – like disaster recovery planning and management – is vital to ensuring enterprise survival does not mean that you cannot leverage your investment to get more out of it. The more DRP and DRM can help you increase profits or…

The following is a summary of the status updates and actions in preparing for the Recovery Phase and addressing new risks which have been identified since the COVID-19 Pandemic outbreak.  We have now entered into the Business Recovery Phase, which is estimated could now last until the end of the 2020 calendar year, and businesses…

More moving parts mean more chance of failure. Replace “moving parts” by “comatose IT servers” and the adage still holds true.

The enemy is (largely) within, when it comes to the security of information and information systems. Knowing how and why insider threats materialise is a big step towards dealing with them.

Most businesses experience change constantly. Markets, technologies, regulations and strategies all evolve. Enterprises that stand still get left behind and disappear, one way or another.

Proverbially at least, elephants never forget. Neither does the Internet. Once information is out there, you must assume it will always be out there, and that deleting it at its source may make no difference.

Few activities and operations are truly set it and forget it. Lights-out factories like the showcase installation run by technology company Siemens are proof of concept, but still the exception.

Do more with less. Who hasn’t already heard that in business? And just because something – like disaster recovery planning and management – is vital to ensuring enterprise survival does not mean that you cannot leverage your investment to get more out of it.

It may sound strange to talk about “touchy-feely” stuff like user experience in the context of IT disaster recovery. After all, the priority is on getting systems up and running again within recovery time and recovery point objectives, rather than sitting around in focus groups discussing feelings and opinions.

IT service management changed a few years ago with the introduction of containers. They helped usher in the concept that a data centre was no longer a place with computers, but that the data centre itself was the computer.

Time is money, as they say, and it is also a key factor in IT disaster recovery. Take, for instance, the well-known recovery time objective or RTO, which defines how fast you should get back to normal operations after an IT incident.

Imagine taking your car to the garage for an urgent repair, only to be told that you’ll have to wait for week because the garage mechanics are off on a training course.

Military precision? Business descriptions? No fluff? All these qualifications have a bearing on a disaster recovery plan, but with certain conditions.

We may live in a digital age, but much of the concepts from the previous industrial era still carries through. We have virtual cloud data factories and production lines, just like their physical counterparts for making cars, furniture, aircraft and so on.

The bigger an organisation gets, the more the plans multiply. There may be plans for dealing with contingencies, crises, disasters, emergencies, pandemics, risks and who knows what else, all in addition to your business continuity plan.

It’s commonplace to see articles and discussions about cyber security and the law, but this article is not about that. It is about cyber security and law firms, those august institutions with their lawyers, barristers, and attorneys.

Artificial intelligence is finding its way into many applications and systems, so why not disaster recovery? The advantages are multiple.

The Agung volcano in Indonesia has been in the news recently. At time of writing, observers are sending back reports of clouds and glows that suggest that major eruption could be imminent.

When hackers try to penetrate your databases and IT infrastructure (or perpetrate any other cybercrime), they often plan a sequence of steps to get what they want. Individual steps may seem innocent or meaningless.

Much of business continuity today can be automated. Production lines, supplies reordering, failovers in case of problems, management reports, many of these things now work on a “set it and forget it” basis.

Linux has an enviable reputation as a secure platform for servers. But Linux the Unhackable? Certain myths persist about the inherent resistance of Linux to viruses and the superfluity of firewalls.

Business continuity is good for your business, but is it also a legal requirement? Laws and regulations differ from one country or one industry to another, although there is a basic expectation that organisations will act responsibly.

While cyber security may have you thinking in zeros and ones, and wondering which next generation firewall you should buy next, the human element is alive and well in cyber crime.

If everything is working and you have a business continuity plan in place, is there anything left to worry about? Yes!

With the aim of IT service management being to serve the business or the organisation funding the IT, it’s crucial that business requirements drive ITSM projects and procurement.

The “six degrees” concept is that you can reach any person in the world using a maximum of six personal relationships in a chain stretching from you to the person you want to reach.

In principle, every IT system needs to be secure. In practice, some IT systems are less secure than others.

So, it’s that time of the year again, when we look back over the last 12 months in business continuity to see… nothing?

Does Father Christmas know just how exposed his operation is? With one of the largest address books ever conceived (names, addresses, gift preferences of billions of people) and a seasonal workforce of elves that may or may not have been vetted before hiring, Santa’s gift selection, preparation and delivery system may be hugely at risk.

Meet Sophia, who has Saudi-Arabian nationality. There’s nothing unusual about that, except that Sophia is a robot.

The idea behind threat hunting is that some attackers are getting too smart for current IT security technology.

In theory, IT service management should contain sprawl, limiting or preventing the spread of underutilised IT assets.

“Yes, we have a business continuity plan”. Every enterprise wants to hear this from its suppliers, especially the key suppliers.

First, there was the virtual machine. Then came the container. Now, welcome to the unikernel, the latest initiative for atomising computing.

Fear, uncertainty and doubt. Collectively known as FUD, these items skew rational thinking, panic otherwise sensible people, and throw sizeable spanners in the works of business continuity planners.

Will it ever go away? The basic password is still alive and well.

Bankruptcy per se is not necessarily the end of an enterprise, as several high-profile phoenixes rising from the ashes have shown.

It’s not paranoia, they really are out to get you. When the very organisations promoting IT security manage to botch it up, it’s difficult to have confidence in anything anymore.

You may well have heard the story of the person trying to streamline business operations and driving past huge, separated grain silos one day, which reminded him of the mentalities and divisions he was trying to overcome back in the office.

It’s a fact of business life that customers, markets, and industry commentators only see your brand, and not the suppliers who provide the materials, components, or products behind it.

People – “Can’t live with them, can’t live without them” might be the motto for many enterprises and their chief information security officers (CISOs).

Sometimes in business continuity we end up with such a fierce focus on actions inside the enterprise that we neglect actions directed towards the outside world, and specifically towards our customers.

Hollywood (once again) got there first. Remember those films in which shadowy figures hiss “Trust no-one!” before vanishing from the scene?

You may find this blog article mind-expanding – especially if your natural reaction is to think about its title in two dimensions, rather than three. To set things straight, we’re not talking about paper printouts of business continuity plans that by definition are out of date the moment they are distributed.

What’s more important in IT Service Management (ITSM), the management or the service?

When you look at something, you have an impact on it. That’s the observer effect.

If you’ve worked in IT development for hardware or software, or had dealings with that world, you may well have seen the statistics about the costs of fixing bugs.

How many times have you heard business people talk about their DNA – meaning their business culture or something similar?

What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.

As a business continuity manager, you are likely to be involved in getting your colleagues to take business continuity seriously and ensure that their own departments will continue to function even in adverse conditions.

It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.

Sounds obvious? When you’re knee deep in metrics, reports, and audits, it’s not always easy to remember that without people doing their jobs, nearly every organisation will rapidly cease to function.

It almost seems that there are as many definitions of the “blended attack” in IT security, as there are experts willing to give them.

Ideally, business continuity means no discontinuity.

Once upon a time, IT security was all about building the highest wall possible to keep attackers out and corporate users and systems safe.

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.

Politics in career progression, in investments, in enterprise projects – but in business continuity as well?

People, products, processes, and partners are the four “P”s of IT service design in a lifecycle model for IT services, but is there something missing?

To stay healthy, should you get your jabs or eat your vegetables?

Back in 2004 at the RSA Security Conference, Bill Gates was campaigning for the replacement of the password by two-factor authentication or some other secure mechanism.

Don’t get us wrong, simply telling somebody how wonderful he or she is unlikely to guarantee business continuity!

Talk about the long arm of the law!

In business continuity management, should you start with what you want or with what you have?

The case of Code Spaces still echoes in cyberspace.

Did you know that car manufacturers tend to choose the letters for their car model references according to the type of buyer they want to attract?

Tougher to do, and with tougher consequences if you get it wrong: these are the two big trends in IT risk management today.

Ah yes, agile, that buzzword that is being borrowed by so many parts of businesses! The word itself is full of promise, suggesting all kinds of good things, like flexibility, nimbleness, and adaptability.

We’d be straining your patience if we didn’t explain the title of this blog right away. ITSM?

Jargon crops up everywhere, and business continuity is no exception. RTO, RPO, BIA, and others are often sprinkled liberally into conversations, plans, and reports.

Attack sophistication is growing. 20 years ago, social engineering had already made inroads and automated attacks were on the rise, with denial-of-service, browser executable attacks, and techniques for uncovering vulnerabilities in the binary code of applications.

Every so often it’s good to shake things up. Sometimes the simple act of asking questions about what we do in business continuity and why we do it can give us a fresh point of view and point out areas for improvement.

Governments often make legal requirements about things that could damage people’s health, whether in a physical, financial, or possibly other sense.

The cliché of “change is the only constant” is true for most enterprises. Customers, business analysts, and employees all expect some sort of evolution, even if it is with varying degrees of enthusiasm.

If confidential information didn’t exist, you wouldn’t have to worry about data breaches.

Now that so many people and enterprises have rushed headlong into mobile, cloud, or both, it’s time to take a step back and consider your security posture relating to these two items.

What does a perfect storm make you think of – natural catastrophes, perhaps, like the one portrayed in the film “The Perfect Storm”, the risks confronting the Korean economy, or simply a situation you would rather avoid in the interests of business continuity?

IT service management is sometimes described as a customer-focused approach to making information technology available.

According to certain industry analysts and software vendors, we are now midway between a stage 10 years ago when few applications used machine learning, and a stage 10 years into the future when apparently, most applications will function with it.

Labour-saving devices, robots, and automation – Weren’t they all supposed to improve the quality of life, by removing manual work and drudgery?

If you thought virtual reality (VR) and augmented reality (AR) were just gimmicks for people with too much time on their hands, you could be in for a surprise.

Some IT security attacks start from the most innocent mobile apps and in ways that let cyber-criminals simply pick up confidential communications without having to hack into anything at all.

Ever since marketing figured out that companies could do better by asking customers what they wanted, rather than just trying to tell them, businesses have moved massively to the notion of working backwards from the customer.

It’s tempting to see IT self-service as the simple way to hand off responsibilities to end-users.

Scenario planning, in which you seek to identify higher risk and higher probability causes of business interruption, attracts both supporters and cynics.

Does it sound strange that many organisations believe they are exposed to major problems with Internet of Things device security, yet few of them have taken any measures to resolve those problems?

Business no longer controls all its data, now that the data is spread out over systems that could be in-house, in the cloud, or in somebody’s pocket.

If you’ve already moved all your systems and applications to the cloud, you may feel there is little left for you to manage other than your organisation’s data and your IT department’s skillsets.

The title of this blog post could almost have read “Never send a human to do a machine’s job”.

Small businesses using low-end routers for their networks may be highly vulnerable to hackers.

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

In theory, BYOD or bring your own device lightens the load in terms of IT sourcing, because it transfers the work (and cost) of acquiring a device to the user of that device.

Vendors like to go to the movies, meaning they like to see their products and logos in Hollywood productions, and are usually prepared to pay for the privilege.

If you have already installed mobile apps on your smartphone to go beyond the stock selection provided with the device, you may well have noticed how a mobile app asks for permission to access certain resources or take certain actions.

Do you dream of a work environment in which everybody automatically thinks “business continuity” and acts accordingly?

What used to be IT sourcing at the physical system level is turning into an exercise at the virtual cloud level, but with a new actor, the cloud broker.

In this age of big data, business analytics are likely to form an increasingly large part of business continuity planning and management.

A while ago, we asked in this blog if World Backup Day was really a good idea. Our logic? If everybody focuses on one day in the year to get their backups right, then spends the other 364 days ignoring the issue, things won’t change for the better.

Sometimes, IT can teach business a thing or two. In a recent survey on private cloud computing use, there was a statistic on the use of multipathing.

Malware (Sneakyware) is the software that gets into your system and causes havoc, unless you detect it and neutralize first.

Power blackouts in business can range from a minor inconvenience to a major threat. Diggers slicing through power cables, extreme weather conditions bringing down power lines, or other local failures can all interrupt the supply of electricity.

IT has no shortage of four-letter words. It’s not clear what the latest variations on the “BYO” or “bring your own” theme add.

There are hacks and there are business continuity hacks. Some hacks are bad news, especially when they target IT security and jeopardize business continuity, but others – the other kind of hack – could save the day in certain circumstances.

Don’t take this title too literally. Ransomware, the malware that extorts money from victims to prevent a disaster, will surely continue to be active, at least in the short term.

Machine learning, if you have not already met it, is the capability of a machine (a software application) to modify its rules and algorithms according to new data.

Do the formalism of IT service management and the agility of DevOps mean that one can only succeed if the other fails?

A well-known IT security solution vendor recently published a white paper about planning for business continuity, and listed typewriters as examples of equipment that should be safeguarded to prevent interruptions to an enterprise’s activities.

When computers ran on punched cards and information was stored and communicated using paper, suspicious individuals could sometimes be seen loitering close to the large rubbish bins or dumpsters used for corporate refuse.

Investors and financial institutions like to correlate business continuity risk with business continuity reward. If risk is greater in an investment, then the potential reward should be greater too.

It’s always an editorial dilemma – Do we start with the event with the biggest business continuity impact? The event that was the most unbelievable? For the 2016 Business Continuity Review, we have some difficult choices, including the massive cyberattack of the toasters, the most powerful man in the world (soon) trying to carve up the Internet, and a smartphone threatening the health of a national economy.

Einstein, move over. There is a new universal constant now, one that governs all IT-driven security activity, which by now is almost everything that goes on in the known world.

Speaking of these two items in the same breath might seem incongruous. After all, what does IT service management looking after daily operations (mundane) have to do with the digital transformation of an organisation (visionary)?

IT strategy – hmm, that sounds good! It suggests you know what you’re doing, and that those invoices from your IT suppliers correspond to something of value to the business.

We know you know, but to save you the mental effort of fleshing these acronyms out into full-length descriptions, here’s what they stand for. BCM is business continuity management. ITSCM is IT service continuity management.

Paved with good intentions and best practices, the road to ITIL hell can look so alluring to the unwary IT manager.

Can these two items coexist? Business continuity is about keeping things going, whereas business transformation is often about breaking things (figuratively, if not literally) to get out of a rut and into a new, more competitive mode of business.

5G networks is on the horizon now, destined to increase mobile data transfer speeds and reduce communications latency compared to current 4G.

IT servers, enterprise applications, data centres and cloud services might seem world away from other sectors traditionally attracting attention in terms of a ethical sourcing strategy.

Start humming the James Bond theme, now. Or perhaps not. Agents in IT asset management don’t quite have the glamour of 007.

The advanced persistent threat or APT is the up and coming menace to IT systems today.

The road to IT sourcing nirvana is full of potholes, not to mention the ravines on either side, should you stray from the straight and narrow.

Now and again, we hear rumblings about IT governance and how synergy must be developed between IT and the rest of the organisation to work in harmony as a “business partner”. The principles are praiseworthy.

The man in question is Nassim N. Taleb. He coined the term “Black Swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

According to some sources, only 10% of any business strategy plans are ever effectively implemented.

As free and freely available software that has helped millions of individuals and enterprises easily establish a presence on the web, WordPress has a reputation for being well-designed and reliable.

You mean, there is one? Yes, indeed – You see, online dating organizations are all about asset relationships, preferences, likes and dislikes.

Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.

A well-paid, but heavy responsibility with a built-in ejector seat is one way of looking at the CISO position.

You’d be surprised at the emotional bonding that can go on between users and their IT hardware devices but there’s a difference between managing your asset appropriately and actually collecting a heap of junk hardware you’ll never use.

How do you measure your IT service success and failure? Performance numbers and metrics can be valuable, because they help you to improve, as well as to defend your IT service management against possible criticism.

Enough of the four-letter acronyms! CMDB, in case this had slipped your memory, stands for configuration management database.

IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failing to spot relevant risks or changes in those risks.

Don’t worry, all you IT people, you won’t lose your jobs because IT service management changes its name.

When you shove things higgledy-piggledy into your desk drawer, just to clear space in your workspace, you have a quick solution, you also have a dirty solution, because trying to find the key to your filing cabinet will take you ages afterwards, and Yes, you’ve just experienced technical debt, first hand!

IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.

If ain’t broke, don’t fix it, as the saying goes. However, even unbroken IT installations must be fixed by patches, upgrades or redesigns to meet new business objectives. ITIL Problem Management Processes tackles the issue by taking a problem-solving and root cause approach.

This is a little like asking “how long is a piece of string”, except that in this case the string may already be a lot shorter than you imagined. Passwords are often the bane of the IT helpdesk.

Does talking about these items in the same breath seem incongruous to you? After all, IT service management is typically viewed as technology at the service of an enterprise and its end-users, helping productivity, rather than being linked directly with motivation.

So much of business is being scrutinized through the lens of uberisation that it would be an omission (and possibly a dangerous one) to neglect a quick squint at business continuity.

Sure, as a CIO or IT manager, you know what IT risk management is. It’s all about applying risk management principles to IT, including the adoption, ownership, operation and influence of IT within the larger context of the enterprise but in terms of risk management language, are these principles communicated properly across the organisation?

“Here, take my old PC. I’m getting a new one to help meet my advanced needs, but this one will surely do the job for you.” This, in a nutshell, is cascading in IT asset management.

On the face of it, it sounds simple. IT strategy should be driven by business requirements.

Wait a moment, does it actually make sense to talk about shadow IT and sourcing strategy in the same breath?

If you’ve archived backups of data for contractual or regulatory reasons, do you also need to back that data up?

There is some deeper relationship between IT security and the sea that has yet to be fathomed.

Take IT as a service, IT governance and maybe some business process execution language, and mix them all together.

People and organisations generate more data than ever before. Smart software can analyse mountains of data and offer insights and recommendations, or even take decisions.

What were Australian’s doing on the evening of the 9th of August, 2016? All jumping on the bandwagon to fill out their Australian Bureau of Statistics (ABS) Census details on the Census website.

If you’ve met blockchain before, it may well have been in the context of the cyber currency Bitcoin.

What do ITIL and DevOps have in common, you may ask – apart from the syllable “Ops”? So far these two items have had little overlap, but that may now start to change significantly.

In business risk management, risk-reward is a concept known by many, but understood by rather fewer.

Enterprises can come up with all sorts of schemes for cutting waste and costs, ranging from cancelling coffee machines to selling off entire business units.

A survey showed that commuters in London more often than not (more than 70%) would reveal their computer password in exchange for a bar of chocolate.

Now that business apps (that really can help you do better business) are available immediately in the cloud, the internal IT organisation may find itself being ignored as the shadow IT.

What would you expect residents of Sydney to be doing Sunday afternoon and evening, 5 June 2016?

It would be risky to generalise from one specific example in IT security, but the case of fake ransomware is intriguing.

Supply Chain Resilience have so many moving parts that rapidly becomes a priority issue.

In business continuity planning, business impact analysis or BIA is possibly the most critical part.

Let’s be honest. Between ‘Risk Evaluation’ and ‘The Science of Danger’, the second name has more star quality.

Where do cyber criminals focus their attacks? On the organisations with the information of most interest or highest worth, naturally enough.

As IT morphs from legacy on-site systems and firewalls to cloud computing, mobility and data-anywhere, it is having to change in terms of agility and security.

Looking at how other enterprises organise their business continuity can be beneficial for two reasons. First, it helps to compare your own preparations with those of another entity.

IT Security perimeters no longer exists, now that mobile and cloud computing are so prevalent. The availability of files and information to employees in the office, on site, on the road or at home is high.

Remember the economic meltdown (almost) of eight years ago? Two buzzwords came to the fore at that time. One was “systemic risk”, the risk that applies to an entire sector or domain; in this case, the global economy.

Often, techniques that are invented in one domain can be of use in another one too. If you’ve spent your working in life so far in business continuity, you may not have seen much of the lean approach that is frequently used in manufacturing.

The company has a vision of making its Messenger app the default communication mode for businesses, whether with other businesses or with customers.

On the face of it, business continuity is a robust process. You gather the appropriate information, apply methodologies to assess business risk.

It is easy to indulge in navel-gazing when it comes to business continuity. We examine your business, its components, its requirements, its objectives and the risks that could affect it.

A Local Resilience Forum? Should you have one? Also referred to for short as an LRF, the idea is to bring together different respondents in a local area in order to guarantee cooperation

Current press coverage may be focusing on exaflops and artificial intelligence, but the IT success story of the decade is still likely to be cloud computing as Cloud Business Continuity struggles to bring much progress.

Smart mobile has so far been largely a consumer-driven market. That has been good news for the business sector. It has reaped the benefits of the technological advances and better user experiences, with which vendors have sought to woo Jane and Joe Public.

Willie Sutton was the man who (according to a popular story) gave the definitive answer to the question “Why do you rob banks?” He said “Because that’s where the money is”.

The economic arguments for bring your own device (BYOD) working are multiple. The first one is that if employees fund their own terminals (smartphones, tablets, portables), their employer does not have to.

Sourcing and procurement in business is becoming less and less hands-off. Gone are the days when an enterprise could shut its eyes to labour conditions in a supplier’s company, as long as the products or services arrived on time and at the agreed cost yet behind the scenes what impacts the most is business reputations when the human element becomes non-existent.

Culture and language determine much of how we live, think and act. So does history. These factors could explain why the Netherlands has gained a reputation as a leading exporter of IT Cyber-Security.

The 2016 Defence Whitepaper from the Australian government is now available online. It discusses a broad range of defence topics, of which cyber defence is just one.

Ransomware attacks are on the rise, according to recent reports. Cybercriminals often favour these attacks, because they find them to be effective and lucrative.

Convenience is the name of the game, especially when it helps customers spend more. The new generation “tap and go” paywave and paypass cards are designed to do that.

If you have a battle box for your enterprise, then it probably contains vital information such as employee and major supplier contact details, the most important business contracts, system codes for accessing or restarting critical applications, and so on.

In an ideal organisational world, ITSCM (IT service continuity management) guarantees rapid recovery of critical IT services after unplanned downtime.

You might not go as far as to bet that they would never, ever suffer a breach of security. Yet today’s scandals seem to concern entities in the private sector.

Timing, as comedians say, is everything. It’s true if you’re on stage entertaining an audience.

Buyers, beware! While a car with one careful previous owner (we’ve all heard that one, right?) may still be a viable purchase proposition, somebody else’s security may be ill-suited to your organisation. Second Hand Security can crop up in situations like company mergers and acquisitions.

As organisations have boldly gone when no enterprise has gone before, meaning out to the far corners of cyberspace, the face of data security has changed significantly.

The Zika virus is turning out to be a bigger and more unwelcome surprise than expected.

How many people in your enterprise use their personal mobile devices for work?

Information security, both in-cloud and on-premise, was somewhat higher profile during 2015. The top three threats for the year for cloud environments were (in decreasing order of importance) app attacks, suspicious activity, and brute force.

With mobile computing already so widespread and the promise to add billions more attached devices, a large part of your security will be determined by the state of your technology.

Revelations of government snooping and pressure on cloud providers to provide customer data to authorities have led to new developments in the way encryption is applied with those ready for the Bring Your Own Encryption (BYOE) phase.

If you use a cloud service or let your employees access company systems from their own smartphones, you’ve probably already noticed how your IT security perimeters has expanded.

Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven…

Corporate policies on anything from safety to ethical sourcing are all about rules. Do this; don’t do that! Often created from the experience of everything that went wrong in the past, policies can soon turn into large, unwieldy documents. IT security also has its rules, some of them born of common sense, others of past…

Barrels of apples can go bad, both literally and figuratively, because of just one rotten apple. The rot spreads from one apple to another until the whole barrel is infected. Not so long ago (in 2014), experts from security company ESET discovered 25,000 servers infected with malware, some of these servers being grouped together in…

System hacks, data breaches and information theft are frequently in the news, and will surely continue to feature strongly in 2016. However, recent crystal ball gazing by different actors and experts yielded an intriguing variety of predictions for the coming year. Broadly speaking, there are IT security trends we can expect, those we should suspect,…

What do encryption and reputation have to do with each other? On the face of it, the link seems tenuous. However, if a data breach occurs, encryption could be the difference between intense corporate embarrassment and a corporate reputation that remains untarnished. Of course, we’re talking about than standard encryption of data in transit with…

Does this sound like a contradiction in terms? If your idea of cryptography is all about keeping confidential information hidden from prying eyes, then the idea of applying it to information that is then consumable by others may seem strange, to say the least. However, this is a major function of cryptography too. It makes…

Much of IT security revolves around the question of how much you believe users can think for themselves. Password salting is a solution likely to appeal to those who think users are unreliable, careless or otherwise unable to behave correctly when it comes to the proper use of passwords. Yet the brain is a muscle…

Embarrassing – or inevitable? How you view a failed security audit, whether in IT or at an overall organisational level, depends on whether you think security is a result or a process. There is a fundamental difference between the two points of view. In addition, current trends suggest that security is becoming less of an…

IT security flaws are now myriad, but these four stuck out like sore thumbs at the recent Black Hat Europe 2015 conference on security. Their distinguishing feature for the most part was the massive scale on which hacking could be perpetrated, either because of the number or the size of the systems affected.