Database security

To paraphrase a saying: “There are no old, bold DBAs”. That’s “database administrators”, in case you were wondering, and one might go even further and say that there may not be any DBAs at all before too long. Demonstrably secure relational databases should be a thing of wonder; users who can ‘write down’ but not ‘write up’ should be revelling in the knowledge that they will never accidentally overwrite the major donor address records, let alone be able to access them; and information security officers should be rejoicing in the knowledge that their corporate databases embody the only ACID test that matters. But all this database stuff seems to have been a …

It takes about six days for folks to realise the enormity of the problem. So imagine a disaster, say, like the tsunami in 2004, or perhaps Hurricane Katrina. For many charities engaged in humanitarian work, the need to mobilise, and to mobilise quickly, in the face of such enormous natural disasters requires funds. And the human need to support such work results in the generous and unconditional gifting of those funds. So back to the six days. That tends to be the time period after which folks want to respond, usually with monetary help. Your charity probably knows this and will gear up to expect it, but the bad guys know …

Keep Data Safe…

There’s a line to be drawn between Data Protection and Information Security, and if your charity is confused about where that line is, or insists that the Information Security Officer doubles up with Data Protection duties, or worse still vice versa, then maybe it’s about time to review your Data Protection procedures, not to mention your policies, especially given the requirements of the General Data Protection Regulation. Compliance with its requirements should be a strict matter of governance and not confused with the many faces of the field that is information security. The prescribed principles of Data Protection enshrined in law are there to be adhered to. Whether data must be processed …

“There are no computers, only networks.” We might not be too far off that reality. And that reality puts a lot of responsibility on whoever runs your network. It’s likely that, one way or another, your network is your weakest link, and as an information security officer you’ll know that your ‘data in transit’ is the most vulnerable state of your most precious asset. Wrongly configured and ill-protected networks are the stuff of infosec nightmares, and routers with default passwords are the genesis of such dreams. Check now with your network guy/gal (or with yourself, if you have the responsibility in your charity) that there isn’t a router with …

The price of free?

The price of free isn’t the same as ‘no cost’. Likewise, ‘open source’ doesn’t equal free. And ‘free subscription’ doesn’t mean that you don’t pay. The price of free, as often as not, is yourself. You, my friend, are the product, and the systems you sign up for as ‘free’ are a contract for your willing participation in being sold. Sorry for the harsh reality, but folks really need to be able to differentiate between corporate and personal, and make a value judgement on what they’re prepared to sell in return for a service. As an individual it’s your choice, and there are some services that I will happily use in …
