CSF Blog


“There are no computers, only networks.”  We might not be too far off that reality.  And that reality puts a lot of responsibility on whoever runs your network.  It’s likely that one way or another your network is your weakest link, and that as an information security officer you’ll know that your ‘data in transit’ is the most vulnerable state of your most precious asset. Wrongly configured and ill-protected networks are the stuff of infosec nightmares, and routers with default passwords are the genesis of such dreams.  Check now with your network guy/gal (or with yourself if you have the responsibility in your charity) that there isn’t a router with […]

Posted On: 06 Dec 2015

Database security

To paraphrase a saying, “There are no old, bold DBAs”.  That’s “database administrators” in case you were wondering, and one might go even further to say that there may not even be any DBAs before too long.  Demonstrably secure relational databases should be a thing of wonder; users who can ‘write down’ but not ‘write up’ should be revelling in the knowledge that they will never accidentally overwrite the major donor address records, let alone be able to access them; and information security officers should be rejoicing in the knowledge that their corporate databases embody the only ACID test that matters.  But all this database stuff seems to have been a […]

Posted On: 08 Nov 2015

Time to get serious

Security is something we should all take seriously.  And the 26th of October marks the beginning of Security Serious Week.  Raising the profile of information security, whether it be in our businesses or our own personal lives, is part of the job for information security professionals, and the job can get a bit easier when we have initiatives like this dedicating five days to help everyone understand the importance of information security in a cyber-hostile world. The folks at Eskenzi PR have motivated the great and the good to get behind this campaign with a series of events and resources that will help you sharpen up your infosec knowledge.  There’s […]

Posted On: 16 Oct 2015

Free systems?

The price of free isn’t the same as ‘no cost’.  Likewise ‘open source’ doesn’t equal free.  Also ‘free subscription’ doesn’t mean that you don’t pay.  The price of free, more often than not, is yourself.  You, my friend, are the product, and the systems you sign up for as ‘free’ are a contract to your willing participation in being sold.  Sorry for the harsh reality, but folks really need to be able to differentiate between corporate and personal, and make a value judgement on what they’re prepared to sell in return for a service.  As an individual it’s your choice and there are some services that I will happily use in […]

Posted On: 17 Sep 2015


With the amount of stuff published in the public domain one could be forgiven for thinking that society had given up the notion of ‘private’.  Share and share alike seems to be the norm, to the extent that it has become tricky to determine just what is to be kept private.  And that which is to be kept private of course seems to have become the target for hackers in a never ending quest which one might suppose is to make all data public domain.  I suppose it’s a point of view. In the interim before we reach this dystopia it may be worth giving a thought to what information […]

Posted On: 16 Aug 2015


Sponsors of the CSF

If you'd like to support the work of the Charities Security Forum and see your logo here, then please email us at info@charitiessecurityforum.org.uk to discuss sponsorship opportunities.