We at Avisi have started an agile journey with one destination: a proper ISMS for Avisi. I'll gladly take you along by blogging about the adventures we've been through. So fasten your seatbelt securely; we are going to travel through a roadmap to remember.
What is an ISMS?
ISMS stands for Information Security Management System. Its purpose is to offer a solid foundation consisting of the organization's main policies (I prefer to call them principles rather than policies) for securing information.
Last week I went to a trade fair about information security. I signed up for two presentations about an amendment to the Dutch law 'Wet bescherming persoonsgegevens (Wbp)' called 'meldplicht datalekken' (mandatory data breach notification). From January 1st 2016 this amendment obliges organizations to report data breaches affecting personal data to the 'College Bescherming Persoonsgegevens (CBP)' and to the persons affected. The presentations were very interesting, so why not share what I learned with you.
Recently I registered for an IT security event hosting trade shows and seminars on IT security. After registering and logging in on their website with the credentials that were sent to me (by e-mail, in plaintext) something occurred to me: the 'green lock' was missing from my browser's address bar. It turns out that the website happily lets you fill in your personal information and credentials over an unencrypted HTTP connection. Worse: it doesn't support HTTPS at all. How can an organisation dedicated to IT security justify such a potential information leak?
Once more it became clear to me that security is easy to preach, but pretty hard to put into practice.
In the fall of 2013 we decided it was time to rebuild our infrastructure from the ground up. New hardware, a new server rack and a brand new infrastructure. As you can read here, it was quite the project. When we finished rebuilding the new infrastructure at the end of last year, we obviously had a few beers to celebrate. And then… we noticed a pile of around 80 old hard drives (which had been replaced by new HDDs with more capacity).
Thursday February 22nd, San Francisco CA
W3Conf is W3C’s annual conference for web professionals who want to hear the latest news on HTML5, CSS, the open web platform and their place in it…
See the day 1 summary here
Yesterday was a very interesting day… so expectations are high for today! Here we go!
For convenience, most secure websites are reachable over both HTTP and HTTPS: a request to the HTTP site is simply redirected to the HTTPS site. However convenient, this poses a considerable security risk. An attacker positioned between the user and the server (on the same Wi-Fi network, for instance) can intercept the initial plaintext HTTP request and keep serving the session over HTTP without ever forwarding the redirect, a classic 'man in the middle attack'. The browser never sees the HTTPS site, and the user never sees a warning.
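The practical check for this problem (and for the HTTPS-less registration site described in the earlier post on this page) is to look at the redirect chain a client actually follows: every hop served over http:// is interceptable, and the only protection for returning visitors is a Strict-Transport-Security (HSTS) header on the HTTPS response, which browsers ignore when it arrives over plain HTTP (RFC 6797). The following script is an added example, not code from the original posts; the hostnames and response chains are constructed samples, and the one-year max-age threshold is the value commonly required by preload lists.

```python
"""Audit an HTTP-to-HTTPS redirect chain for downgrade (SSL stripping) exposure.

Added example; the chains below are constructed, not real captures.
Each chain is a list of (url, status, headers) hops in the order a client
follows them, e.g. as collected with a non-redirecting HTTP client.
"""
from urllib.parse import urlsplit

ONE_YEAR = 31536000          # seconds; typical minimum for HSTS preload
REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797).

    Returns {"max_age", "include_subdomains", "preload"} or None when the
    header is missing or carries no usable max-age directive.
    """
    if not value:
        return None
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    try:
        max_age = int(directives["max-age"])
    except (KeyError, ValueError):
        return None
    if max_age < 0:
        return None
    return {
        "max_age": max_age,
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }


def audit_chain(chain):
    """Return a list of findings for a redirect chain; [] means nothing flagged."""
    findings = []
    for hop, (url, status, headers) in enumerate(chain):
        hdr = {k.lower(): v for k, v in headers.items()}
        scheme = urlsplit(url).scheme
        if scheme == "http":
            # Every plaintext hop can be intercepted and rewritten by an
            # on-path attacker, so the redirect itself is the weak link.
            if hop > 0:
                findings.append(f"{url}: chain drops back to plaintext HTTP")
            if status in REDIRECT_CODES:
                target = hdr.get("location", "")
                if urlsplit(target).scheme != "https":
                    findings.append(f"{url}: redirects to non-HTTPS target {target!r}")
            else:
                findings.append(f"{url}: content served over plaintext HTTP (status {status})")
            if "strict-transport-security" in hdr:
                # Browsers discard HSTS received over an insecure transport.
                findings.append(f"{url}: HSTS sent over HTTP is ignored by browsers")
        elif scheme == "https":
            hsts = parse_hsts(hdr.get("strict-transport-security"))
            if hsts is None:
                findings.append(f"{url}: no valid Strict-Transport-Security header")
            elif hsts["max_age"] < ONE_YEAR:
                findings.append(f"{url}: HSTS max-age {hsts['max_age']} is below one year")
        else:
            findings.append(f"{url}: unexpected scheme {scheme!r}")
    return findings


# Constructed sample chains (hostnames are placeholders).
WEAK_CHAIN = [  # redirects, but nothing stops the next visit from starting over HTTP
    ("http://www.example.com/", 302, {"Location": "https://www.example.com/"}),
    ("https://www.example.com/", 200, {"Content-Type": "text/html"}),
]
HARDENED_CHAIN = [  # same redirect, plus HSTS on the HTTPS response
    ("http://www.example.com/", 301, {"Location": "https://www.example.com/"}),
    ("https://www.example.com/", 200, {
        "Content-Type": "text/html",
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    }),
]
NO_TLS_CHAIN = [  # the registration form from the earlier post: HTTP only
    ("http://www.example.com/login", 200, {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for name, chain in [("weak", WEAK_CHAIN), ("hardened", HARDENED_CHAIN),
                        ("no-tls", NO_TLS_CHAIN)]:
        print(f"{name}: {audit_chain(chain) or 'no findings'}")
```

Note that even the hardened chain starts with one plaintext hop: HSTS only protects visits after the browser has seen the header once, which is exactly why the preload directive (and submission to the browser preload lists) exists for the very first visit.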
A lot of things I saw on Devoxx do not warrant their own blog post, but they are interesting enough to mention.
Is security important? Of course it is, but it seems like a lot of people don't really concern themselves with it much. I understand that, of course, because security can definitely be a hassle. I guess the most important thing regarding security, though, is that people are consistent in their actions.
So let’s do a bit of self reflection on the issue:
For almost a year now I've been testing a Yubikey hard token. Basically, it's a USB key that adds strong two-factor authentication to the process of logging in to my computer. You can check out my previous blog post on exploring hard tokens and the need for better identity management.
Now it’s time to update you on my experiences thus far…
I'm currently looking around for a great all-round solution for identity management. Apart from offering top-notch security, the main criterion is that it should be very simple and easy to use.