Cyber and Information Security
What we do
- ISO 27001 Implementation planning
- Analysis of projects and organisations against information security best practice
- Computer Incident Response Team development (CSIRT/CERT)
- Cybersecurity strategic posture assessment
- Cloud security strategy
- Executive spearphishing avoidance training
Cybersecurity is a large part of Information Security, but it is not the whole box and dice. I have come across many people in my travels who forget that the best defence against cyber attack and the greatest weaknesses against same are people. Logically then, people are the asset you want to put the most effort into when developing an information security strategy.
A castle in cyberspace
Cyber security / E-Security strategy for an organisation is conceptually very similar to that of the castle in the middle ages.
Why you say? That is sheer madness, comparing our advanced cyber infrastructure with a dirty castle occupied by a king and queen and a few soldiers!
Well the issue is that castles in the middle ages were more than the homes of noble people and their servants. They were the centres of a community where villagers set up their markets, people from nearby traded and others came to entertain.
Conceptually, this is similar to the network structure that organisations create in order to do business online. Of course, to be totally safe, an organisation could turn off all the computers and put guards at the front door, not letting anybody in, even staff. But they wouldn’t stay in business long…So it was with mediaeval castles. They couldn’t afford to shut their doors for long periods to their community or even to people from other areas because they needed to trade, wanted news and entertainment and couldn’t wield influence if the gates were always shut. That didn’t mean that the peasants could go and help themselves to the gold in the counting house, but they did get past the castle gates…
Security is always a compromise
Security is always a tradeoff between confidentiality of information, integrity and then also availability. The three legged chair is always wobbly because one or other of the legs is too short or too long.
You can read posts related to cybersecurity and technology here, or click Cybersecurity posts on the tab above.