Tag: threat

Defense

Threat Modelling 101

What is a threat?

https://csrc.nist.gov/glossary/term/threat

According to those clever people at NIST it is:

“Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.” Read more “Threat Modelling 101”

Defense

Understanding Penetration Testing Scopes

“Can I have a penetration test please” is about in line with saying “Can I have a car please?”. Why am I writing a blog about this? Well, where do I start, so I have been working on the technology world basically all my career and over the last 20 odd years one area of digital security management that I think a lot of organisations and people struggle with is understanding just what a penetration test is, how it should be used, how long they can take and what is involved. Read more “Understanding Penetration Testing Scopes”

Breach

British Airways breach

Not what you want to see when you’ve just paid for a holiday!

As reported across major news networks over the world, British Airways has suffered a data breach that not only includes customer data but also includes payment details. Details from 380,000 customers have been accessed by an unauthorised third party. More details can be found on news sites such as:

https://www.theregister.co.uk/2018/09/06/british_airways_hacked/

https://www.bbc.com/news/uk-england-london-45440850

It’s likely that attackers have compromised a web service which is linked to payment services, however no specific details have been released yet so until then we can only speculate.

In this post we look at the information reported by British Airways, guidance for customers from BA, ourselves and NCSC but also we discuss the steps business’s should be taking to ensure they have a strong security posture, especially where customer data is concerned. Read more “British Airways breach”