Password Security

Risk of re-use: Password Security

This week is an ideal time to provide some insight and context for those who re-use the same password across multiple websites and services. We’ve touched on this topic previously, but a more thorough explanation may help you re-evaluate your existing password security. The risk with re-using passwords isn’t limited to the strength of the[…]

Covid-19

Security Attacks on COVID-19 research facilities

We’re seeing a substantial increase in the number of attacks against the COVID-19 supply chain, with a significant focus placed on those producing vaccines. A recent report by the UK National Cyber Security Centre (NCSC) provides advisories on identifying and mitigating the attack vectors used to compromise systems for data exfiltration. Investigation by NCSC and[…]

Development pipelines

Integrating Security into your Development Pipelines

Implementing security into an already established and successful development pipelines can be both difficult and intensive. However, ensuring that product delivery also encompasses security through relevant testing is vital for continuous improvement. Our article this week will focus on how you can begin to review and implement security testing into your development pipelines, and how[…]

Confidentiality, Availability and Integrity

Confidentiality, availability and integrity, known as the CIA triad, are considered the most crucial parts of security. Confidentiality – is the assurance the information is not disclosed to unauthorised individuals, processes or devices while making sure authorised personnel can. The confidentiality of data can be adhered to by utilising strong complex passwords, two-factor authentication and[…]

Event logs

Event logs are detailed records containing information relating to what occurred on the device. A log entry is created for every event and application notification on a device within the network and are often categorised with a severity level ranging from information through to critical. Windows event logs can be utilised by the network administrators[…]

Policies

A policy contains numerous ideas or a plan of what should be done in certain situations. Businesses generally have policies relating to HR and finance but are lacking in security policies. An information security policy is used to describe a set of rules, inclusive of allowed and disallowed behaviour for its information systems and assets[…]