A rather interesting article. What I like is the description it provides of the attackers potential landscape in today’s global, verbose connected world. It does give some recommendations which I’ve summarised below:

1. Focus your efforts on those assets that could ‘ruin’ your company following a successful attack. This way the real attacks are not lost in the noise of monitoring of all systems.

2. Make your information/communication assets dynamic. Each asset should report to a  real-time inventory system. Make it graphically intuitive, so ‘alien’ systems are quick to alert.

3. Obviously to be proactive rather than reactive. Although I would say that this is more with having an InfoSec program that is trained in forensics and understands the law when it comes to ‘nailing’ down attacked coming from the ‘inside’.

I’ve been publishing on the subject of personal privacy since 2007, and finally, now, in 2015 I decided to take my CIPP/E. The CIPP credential says you know privacy laws and regulations and how to apply them according to the International Association of Privacy Professionals (IAPP).

Why did I take this certification? After all I have a Masters Degree in Information Security in supposedly the most famous (in this subject) globally, with the Royal Holloway University of London (RHUL). I also have an MBA with Henley Management School (University of Reading). On top of 20 years of rich experience in IT and IS, it looks as though I am in the league of ‘over-qualified’ and then ‘what next?’. Or am I?

No! I am driven by a desire to ‘fix the Swedish ID promiscuity problem’. (There is more on this in my blog, lots of posts.) I took CIPP/E to get a toolkit that I could use to stop, my and your Swedish ID, being publicly sold online without my or your consent! So now I finally understand what the problem is, and I believe I can solve this, to finally squash this conflict between ‘freedom of information’ laws and ‘PuL’. Watch this space…..

Apparently they are, even beyond prioritising encrypted communications in their search results. Google take action, and they are encouraging you to be a part of this.

I was there and it was energising!

Key takeaways for are:

1. Surveillance (and/or sousveillance) irrespective of the the details, e.g. tracking, storecards, whether you care or not, ultimately causes human beings to change their behaviour. The act of observing, the consequences have a severe impact on innovation and thinking doing things that are not conforming to society norms.

2. Do what is right, what you believe in, not what others want/expect you to do. Social media is a median to cause you to not act as is natural, but what you think others will be pleased with.

3. Surprisingly for a European, I have discovered that there is a strong privacy movement in the US, and in many ways they are ahead of the EU, which is rather odd, and I’m still trying to get my head around this!

I am sure it is no news to any of us that Anonymous the infamous hacktivists movement are taking up cyber arms against extreme militants following the horrific attack on Charlie Hebdo

Love them or hate them they are here to stay and cannot be ignored.

In fact the more I read on this the more I imagesstart to speculate on the place of cyber activists in the future of our global digital verbose and connected world that we are all a part of today?

And you know you don’t even need to be a hacker to be a part of their attacks on institutions or/and people that restrict the human right of freedom of speech. All you need to do to be a part become a sympathiser and become a part of their movement is visit their chat rooms, see what is the latest target, click on the appropriate icon, and lo-behold you will be one of the millions of PCs to launch a DDOS attack. See how Geoffrey ‘Jake’ Commander a 66-year-old British rock guitarist who’s worked with George Harrison, Elton John and Electric Light Orchestra, who participated in the December 2010 Operation Payback, an Anonymous campaign that brought down many financial websites including VISA, MasterCard and PayPal by launching massive distributed denial-of-service (DDoS) attack.

Crowdsourcing, crowdfunding, the crowd movement enabled by todays connecting technologies is bringing a new energy to the people, and experienced world-wide power, bottom up with the Arab Spring. There have always been activists fighting for what is right, fighting against greed and corruption, what has changed now is that it has not only become a force in the digital world with cyber activism with hacktivists on the forefront, but the linkage with the empowering capabilities of social media, such as Twitter, Facebook, Instagram, and Google Maps to bring people together to protest on the streets coordinated across the world.

Power to the People‘ is taking on a new guise, and this is for real!

I was about to write an email to someone I respect deeply about how my thinking on information security had changed since we last met in the summer of 2013. Then I wondered if I’d actually written a blog post on this? I searched and found nothing, so surprised that it is not here. It is pretty straight-forward, on the verge of  “obvious my dear Watson” ;-)

Clearly security is broken, however hard we work, our security programs interlaced with security technologies are not effective. Our security programs are not watertight.

So here we go:

1. Security is only as strong as the weakest link – an obvious deduction even for the non-security geeks amongst us ;-)

2. The weakest link in the chain is the Human Factor of Information Security, something David Lacey wrote a whole book on in 2009.

3. If the identity thing, you know the technology aspect of ‘the human aspect of information security’ had been architected correctly from the start, we wouldn’t be in the shit that we are today when it comes to a water-tight security programmes!

Follow

Get every new post delivered to your Inbox.

Join 163 other followers