Cloud Security Alliance UK & Ireland

I am delighted to have been appointed to the executive board of the new UK & Ireland chapter of the Cloud Security Alliance. I'm Chair of the Advisory Board which will give me plenty to work on over the next few months! I gave the keynote at our inaugural chapter meeting last week and really enjoyed the feedback and audience participation. Our next event is on Thursday 21 April when we are hosting a summit in London, inside Infosecurity Europe 2011.

Hot topics for 2010 - discuss!

I've just been asked for my "hot topics" in infosecurity for 2010, so I thought it would be interesting to throw these out at you and see what you think, so here goes:

1. Security awareness
It's increasingly obvious that technical controls alone are not providing organisations with the security they need. Staff education and awareness, delivered in a creative and imaginative way, is critical to managing information security in 2010.

2. Cloud computing
Few organisations are giving serious consideration to the security risks inherent in the cloud computing model. Whilst day-to-day operations can be outsourced in this way, the responsibility for security cannot. A combination of technical, legal and audit skills are required to ensure the security of data in the cloud.

3. Defense against cybercrime
Organisations continue to underestimate the devious nature of cyber criminals and have little or no commitment to "thinking like a hacker". This mind set is critical in order to apply budget and resources to the areas where criminals are most likely to attack and to counter their methods effectively.

Opinions anyone?

It's that time again!

Once again it's almost time for Infosecurity Europe and this year I seem to have a very full diary for all three days!

On Tuesday 28th April at 12:00 I'm giving a talk on "Cloud Computing: 50 Ways to Lose Your Data" closely followed by a press conference on a nasty new trend in compromising e-commerce sites.

On Wednesday 29th at 15:00 I'm wearing my white-hats.co.uk and ISACA hats and chairing a security expert panel on "Social Engineering: Techniques and Mitigation", a topic very close to my heart!

Then finally on Thursday 30th, again wearing my white-hats.co.uk hat, I'm facilitating two different discussions in the new Security Cafe one on "Laptop Security - Understanding The Threats & Countermeasures" and the second on "Wireless Security - The Real State Of Play" which is about threats to corporate security through insecure home wireless networks.

I'll be ready for the long weekend after all that!

Cloud computing

Data Security Podcast recently asked me to comment on the security issues in cloud computing - the result is here if you're interested. Nothing revolutionary of course, just best practice and my usual hatred of passwords :-)