Technical Aspects of Information Risk
All documents are in PDF 1.4 format, compatible with Adobe Reader 5.0 and higher
The increasing speed with which new malware is emerging makes countermeasures difficult, particularly in respect of mobile devices that may not touch base often enough for their protection to remain current.
The common technocentric approach to data leakage has two main failings – the definition of rules for DLP appliances can be impractically arduous and time-consuming, and evidence shows that at least half of all actioned personal data breaches do not involve technologies at all.
For most commercial enterprises, negligence and ignorance on the part of staff dominate the insider threat. But you can minimise your exposure by implementing least privilege and rewarding good behaviours. The key is to get your people on your side.
Glitches in an internet-enabled set-top box provide a salutary lesson about the lack of engineering discipline in software development.
The 2010 UK Cyber Security Challenge is entirely technocentric, and the contemporaneous US ‘Human Capital Crisis in Cybersecurity’ report contains the word ‘human’ nowhere except in the title. But the basic problems of information security are fundamentally human, not technical.
SIP is capable of being secured as a protocol by the use of extensions. But because it is likely to be ubiquitous very soon, the greatest future threat is implementations containing software vulnerabilities that allow routers to be compromised.
A combination of shallow technical defences and lack of awareness on the part of both end users and sysadmins makes the malware distributors' job a pushover.
Web developers have a lot to answer for in respect of both security and usability. The dominance of overcomplex implementation and styling over understanding of the user's needs must be countered to ensure their clients get their money's worth.