Cyber Security Blog

Security vs Defence: Time to move on.

An active defence strategy is built on the assumption that effective defence requires a pre-prepared, active plan to deter, ‘counter-act’, or engage threats as part of a specific doctrine.
Posted: 6 February 2014 by Optimal Risk Admin | with 0 comments

Reflecting on Cyber Threat Summit 2013

Optimal Risk was proud to sponsor this year's Cyber Threat Summit (CTS 2013), which is now a virtual global event. We presented on two topics, highlighting in two parts that if you are not prepared then you should start, and if you think you are then you should test your defence to be sure and reassured. Your customers and shareholders will be too.
Posted: 29 October 2013 by Optimal Risk Admin | with 0 comments

Espionage, The Insider Threat, and why BYOD is Such a Huge Problem

The passive human vector, where staff are either lazy or careless in their adherence to security protocols and individual application of sensible security practices, leads to potentially significant or even catastrophic implications for the organisation. However, the critical new element is the BYOD threat. Bringing Your Own [mobile] Device is now the major threat to firms that allow employees to use their own devices in the workplace.
Posted: 12 July 2013 by Optimal Risk Admin | with 0 comments

What does your incident response look like?

Every different type of event should elicit a different response. But turn it on its head and ask what your preparation looks like and this is a very different formula, despite the fact that the two are intimately interdependent and in many ways one should be the negative image of the other.
Posted: 28 June 2013 by Optimal Risk Admin | with 0 comments

Penetration Testing is Failing

We are now reaching the point where penetration testing is becoming ineffective, and there is a long list of companies that are struggling to come to terms with the fact that their systems and applications did not withstand an attack even though a penetration test reassured them that they would.
Posted: 24 June 2013 by Optimal Risk Admin | with 0 comments

Cyber War Gaming

The emerging concept in cyber defence is war gaming, which is still in its infancy in the realm of critical infrastructure, and in sectors where IT infrastructure is critical or fundamental to an operation. The increasing realisation that penetration testing does not address the holistic weaknesses in an organisation’s ability to detect and respond to a sophisticated attack, as well as its ability to manage a cyber crisis and take the timely decisions to enact continuity plans, is driving the need for more sophisticated exercises.
Posted: 5 April 2013 by Optimal Risk Administrator | with 0 comments

Time to Accept the Value of a Converged Approach

Among operators of critical infrastructure, risk assessment is being forced to adapt to recognise that cyber security, in many ways, is now developing the potential to be a more effective and attractive route to attack an organisation; that physical security can be undermined by cyber means; and that cyber defences can be circumvented in most cases when attacked from within.
Posted: 18 April 2012 by Optimal Risk Administrator | with 0 comments