In January 2015, the UK government’s ‘technical authority on information assurance’ (CESG) announced the end of the requirement for systems security accreditation. I remain a watcher of the British government’s way with information security. This goes back to my own work on accreditation, from the time when it was launched in the mid-90s up until […]
The last GASSP
Why can’t information security people all use the same terms of reference and speak a common language? This thought last came up for me when working to produce multiple-choice questions for an information security exam. My carefully worded ‘wrong’ choices (called ‘distractors’) as well as my correct choices all had to be backed by referenced […]
Tips for improving BYOD security
My former work in a British government security department ensured my first response to people bringing their own computing power into the office was defensive. How could the presence of uncontrolled, powerful computing devices not compromise security? For everyone else, the concept of BYOD has been a sleeper. There have even been some recent attempts to […]