Cyber and Information Security
What we do
- ISO 27001 Implementation planning
- Cyber exercise development and testing
- Reviews and audits against published standards
- Analysis of projects and organisations against information security best practice
- Computer Incident Response Team development (CSIRT/CERT)
- Cybersecurity strategic posture assessment
- Cloud security strategy
- Executive spear-phishing avoidance training
Cybersecurity is a large part of Information Security, but it is not the whole box and dice. Lack of process and people issues are significant vectors for attack. Logically then, people issues need significant effort into when developing an information security strategy.
A castle in cyberspace
Cyber security / E-Security strategy for an organisation is conceptually very similar to that of the castle in the middle ages.
Why you ask? That is sheer madness, comparing our advanced cyber infrastructure with a stone and wooden castle occupied by a king and queen and a few soldiers!
Well the issue is that castles in the middle ages were more than the homes of noble people and their servants. They were the centres of a community where villagers set up their markets, people from nearby traded and others came to entertain.
Conceptually, this is similar to the network structure that organisations create in order to do business online. Of course, to be totally safe, an organisation could turn off all the computers and put guards at the front door, not letting anybody in, even staff. But they wouldn’t stay in business long…So it was with mediaeval castles. They couldn’t afford to shut their doors for long periods to their community or even to people from other areas because they needed to trade, wanted news and entertainment and couldn’t wield influence if the gates were always shut. That didn’t mean that the peasants could go and help themselves to the gold in the counting house, but they did get past the castle gates…
Security is always a balancing of risks
Security is always a tradeoff between confidentiality of information, integrity and also availability. The three legged chair is always wobbly because one or other of the legs is too short or too long.
You can read posts related to cybersecurity and technology here, or click Cybersecurity posts on the tab above.