BMAR Security Research

The Failure of Tactical Security

Benjamin — Wed, 28 Sep 2011 11:07:09 +0000

Information security within organisations has to date, largely been driven by reactions to immediate, impending threats; breaches and other incidents. Other drivers can come from managers or executives beginning to understand the importance of information security but often only reacting tactically to perceived and / or “marketed” threats. The problem with these is the net negative operational impact they have on the organisation’s information asset environment. Individual issues get targeted rather than broad-spectrum mitigations with a better return on investment.

Original post blogged on b2evolution.

Senator Conroy increases insecurity

Benjamin — Sun, 11 Apr 2010 12:36:57 +0000

I would like to congratulate Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy within the Australian Government, for greatly assisting Australian businesses to become less secure. Yes, you're reading that correctly…

Original post blogged on b2evolution.

Finding your way in the clouds

Benjamin — Thu, 18 Mar 2010 06:58:00 +0000

In August 2009 I wrote of my concerns regarding the drive to place core business functions in to the cloud. I wrote that the cloud, whilst on the surface attractive due to potential management savings, presents the potential user with many traps that co…

Original post blogged on b2evolution.

IT Experts With Their Heads In The Clouds - Updated 13/08/2009

Benjamin — Wed, 12 Aug 2009 07:49:10 +0000

"To have one's head in the clouds" is a saying that means one is prone to having fantastic or ridiculous dreams, to be thinking impractically, to be prone to day dreaming and to be disconnected from reality. Whilst this is an old saying that has been us…

Original post blogged on b2evolution.

Achieving a Practical NAC Solution

Benjamin — Wed, 05 Aug 2009 17:28:49 +0000

NAC (Network Admission Control or Network Access Control) has existed for a few years now, yet we still haven't seen wide spread adoption of it within the corporate network environment. Despite being pushed by the major network solution vendors, includi…

Original post blogged on b2evolution.

The forgotten component of Information Security

Benjamin — Tue, 04 Aug 2009 07:45:26 +0000

When security professionals gather in small, darkened rooms or in large conference halls to discuss the latest developments in information security the normal direction of the conversation is towards the newest attack to be released against computer syst…

Original post blogged on b2evolution.

CISO - The Gerbil in Lions Clothing

Benjamin — Tue, 04 Aug 2009 07:44:08 +0000

(This entry was originally posted on 26/08/08) A recent entry in to the ranks of corporate "Chiefs" is the CISO (Chief Information Security Officer). Ostensibly the general definition of the role of CISO within an organisation is to be responsible for…

Original post blogged on b2evolution.

Abrogation of responsibilities through privatisation.

Benjamin — Tue, 04 Aug 2009 07:43:12 +0000

(This entry was originally posted on 14/04/08) Deputy Prime Minister Julia Gillard has just announced the Australian Federal Government's plan to provide legislation to allow employers to monitor and read employee emails on the grounds of national sec…

Original post blogged on b2evolution.