All documents are in PDF 1.4 format, compatible with Adobe Reader 5.0 and higher
You've Got Your IDS...
A review of government departmental information security by the Western Australian Auditor General demonstrates that throwing money at the problem is not enough – you also need a strategy, sound tactics and responsible operations.
Who Needs Hackers?
A widespread payment card breach via the POS terminals of several US retail chains demonstrates the dangers of failing to impose standards on, and supervise, your outsourced services.
Too Many, Too Often, Too Serious
Common characteristics of breaches at RSA, DigiNotar and the Linux kernel archive cause us to recommend that third-party online services should be required to publish the fact, if not the detail, of their security incidents.
How Not to Secure a CA
What went wrong at DigiNotar? The catalogue of technical failures that contributed to the breach strongly suggests inadequate governance – and that breach closed them down permanently.
Expertise or Incompetence?
How do you judge the competence of experts? Every successful breach is ‘sophisticated’ – or is it? Nonsense and snake oil abound – particularly in the press – and unfocused Fear, Uncertainty and Doubt still dominate ‘expert’ pronouncements.
In Hindsight We Need Foresight
The fact that a non-technical Georgian grandmother could effortlessly disconnect the whole of Armenia from the internet suggests that infrastructure robustness requires some strategic thought.