Blaming cloud providers for giving in to the demands of US intelligence is a naive approach to a complex issue.
The government has done its bit for cyber security - now it's up to businesses to take action, and quickly.
Having a hard time getting security budget approval? Start by being relevant and communicating.
Understanding cloud computing's impact on all aspects of IT is vital, and this requires a broader set of skills and knowledge that meet the rapid evolution of the industry head on.
Using the incident pit technique in the wake of an attack is the best way to see off future threats to your organisation.
Believe an anti-virus vendor's marketing spiel and you might end up with a naff product - so do your homework.
We are always spoilt in April with not only Infosec, but 44Cafe and BSides London too - and this year was another corker.
Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief.
Pay attention to the Macs in your office, especially if they are used by people unaware of the risks they present.
Neither automated analysis, nor the manual reading of Twitter posts, is a useful practice for HR to engage in.
Women in Security, recently launched by (ISC)2's London chapter, is actively encouraging women to join the profession and take on those roles for which they are often overlooked.
Password re-use, not to mention default and blank passwords, can bring your whole network to its knees.
We shouldn't let the potential misuse of a product in the wrong hands blind us to its benefits in the right ones.
The convergence of physical and IT security calls for infosec practitioners to adopt 'a design principle', says Eduard Emde, president of professional body ASIS International.
Sensitive data can be tunnelled out of your network in many ways. Fortunately, there are just as many ways to stop it.
The vulnerability of BMWs to 'no key' theft is a case study in what happens if the lessons of IT security are ignored.
Richard Nealon, information security assurance manager and co-chairman of the (ISC)2 EMEA Advisory Board, explains why the organisation's Workforce Study is so important.
Wireless sniffing tools can tell you - and potential wrongdoers - a lot about users of mobile devices.
This year's 44Con did the industry proud, from the new attack on Enigma to the caffeine-infused BlackBerry Lounge.
Effective security requires winning hearts and minds, says Colette Hanley, head of information security compliance at online communications brand Skype.
Sending hackers on a wild goose chase, and 'playing dead' in front of thieves, are brilliant ploys - but they're not enough.
Stuxnet-fuelled talk of the dawn of cyber warfare is, alas, misguided. Sadly, keyboards will never replace guns.
The new EU regulation regarding data protection has highlighted the dire need for security skills development among small and medium-sized businesses.
Mobile device management might have progressed - but so too have the attack vectors and vulnerabilities.
The Curious Case of the Worm-Infected Photo Booth lays bare the perils of shunning security in favour of usability.
The international industry at large can have a bigger say on the big issues, says John Colley, managing director of (ISC)2 EMEA and co-chair of its Advisory Board.
A honeytrap on your network can exploit hackers' desire for an easy win and enable you to catch them red-handed.
There are some interesting ideas bouncing around on the concept of technical debt and security debt.
There is growing acceptance that a concerted effort is needed to overcome the skills gap in the information security industry - and graduate schemes are the answer.
If your staff reveal all on their LinkedIn and Facebook profiles, then your company is a sitting duck for fraudsters.
When disaster hits, it's too easy to pin the blame on one person - fixing the underlying problems is better.
The increasing trend of 'bring your own devices' to work will become the norm for businesses imminently, completely changing the face of information security.
Voice-recognition software has some very interesting implications for security, as soon we might all be using it.
Operation Ore has become a surprising target of criticism, but a close look at the evidence tells the real story.
'What do you want to be when you grow up, Timmy? A fireman, perhaps? An astronaut?' 'I want to be an information security professional, daddy! Please let me be a CISO, please!'
As ever, technology is being blamed for all of society's ills. A look at the facts behind the stories exposes some flaws.
Are companies thinking about how young people's attitude to technology will affect their business when they come to join the workforce? If not, then they certainly should be.
The cheeky hacking stunts carried out against conference delegates show just how much we all still have to learn.
Bletchley Park's new gallery provides an important working record of history-making technology.
Information security professionals need to better understand and develop business skills - because focusing on technology alone will not command respect in the boardroom.
The best way to test whether your organisation is secured against a hack is to try and hack it yourself.
Alternative security events such as BSides and 44Con have injected much-needed life into the conference circuit.
End-users are changing the game for information security professionals by bringing consumer technology - and the expectations raised by it - into the workplace.
Security products often do the unthinkable and give the route in because they have not been updated.
The priority for security teams is to get senior management genuinely interested in data protection.
Malware has come a long way since the attack on my Amiga - but so too, despite the criticism, have the anti-virus brigade.
Cloud computing is a boon, but its vectors need to be kept on a short leash, says Mushegh Hakhinian, security architect at IntraLinks.
You may be in control of all within the perimeter of corporate security, but when data leaves that safe haven, information rights management is essential, argues security partner of Deloitte, Paul Boichat.
Security awareness is a delicate thing, not something to be forced. It takes skill in selling the awareness message in such a way that people want to learn it.
It is not enough now just to deface a website, you need to totally compromise the victim and publish the results.