In October last year we witnessed a proof-of-concept DDoS attack that shut down the Internet by taking down Dyn’s managed DNS infrastructure, causing disruptions for several major websites, including PayPal, Twitter, Reddit, GitHub, Amazon, Netflix and Spotify. The attack took DDoS to a who...
Managing information security risks is a key process underpinning the security of every organization. Unfortunately, in many cases, information security risk management is still an area for improvement, with many organizations primarily focusing on the implementation of best practice security control...
Many people today call themselves information security professionals, but what is an information security professional and what does it take to be one? The Latin root of the word "professional" is profiteri, where pro means "forth" and fateri means "confess." Taken together, they mean "to annou...
The security industry, more than any other industry, feeds on buzzwords to sell. As security breaches make the daily news hitting every industry and organizations of any size, information security managers are continuously looking for the latest silver bullet and solutions to stay ahead of the game....
Over the years, I have had the pleasure of delivering tens of ISO27001 Lead Auditor and ISO27001 Lead Implementer training courses across the world and many ISO27001 audits and ISMS implementations. One of the topics that people always find a bit challenging to grasp is the different levels of non-c...
Information Security and ISO27001
Whether we are talking about a bank, a telecommunication company, a government office or even a small shop, information is the most important asset organizations have. Yet very few organizations approach information security the right way and thus continuously exp...
Silensec Security Quadrant
A good way to illustrate the current level of security achieved by different organizations across different business sectors is to use a Security Quadrant. In this case the Y axis represents the security competence of organizational staff in the area of IT and information...