I thought it may be of interest. ๐
Let me know what you think. I thought it was good, if a little optimistic, but then it does focus on just the events and psychological aspects of the attack.
@infosecgreybeard.bsky.social
Grumpy old InfoSec beard. Whether it's physical security or grumbling about firewalls and governance, I ramble about it all.
People when they start working in infosec: I wanna be a hacker!
People when they work in infosec: Another due diligence questionnaire? Kill me now!
LinkedIn is a strange echo chamber.
When I'm between contracts, I read it.
When I'm working, I don't have time to read it.
Which means that it's mostly full of non-working people, desperate to sell their product or service to each other.
That would be the DONK variant.
07.10.2025 06:48
A recent fire destroyed a South Korean government cloud storage system, reportedly leaving no backups. This incident is a critical reminder for everyone: you must keep verified backups in multiple locations. Please follow the standard 3-2-1 backup strategy if you care about your personal data.
06.10.2025 05:04
I watched The Days Ahead, three short stories about the days around a limited nuclear strike against the UK. It wasn't too bad; just a little optimistic.
@cybergeekgirl.bsky.social
watch.amazon.co.uk/detail?gti=a...
I propose that we have an X prize for the first person who creates an AI which can accurately convert Java to C++ and compile it into a deployable, efficient package.
05.10.2025 06:22
The other end is in Deus Ex:
04.10.2025 20:35
AI is getting better, but still feels over-hyped.
If you've been on social media and seen any of the cooking, hack or crafting videos, you'll know that humans do a much better job of making mind bending rubbish than AI will be able to for a considerable time.
The average vehicle has three dial-home devices which send all kinds of data back to the manufacturer of the vehicle and its parts, so this is not at all surprising.
30.09.2025 08:14
High cost of living and low wages cause people to need more money to live on than they pay in tax on their meagre income, shocker:
Over half of UK population live in households that get more in benefits than they pay in tax - and it's set to get worse share.google/Qo12TkRjkuRk...
Oh great....
BBC News - Starmer to announce plans for digital ID scheme
www.bbc.com/news/article...
"Co-op chief executive Shirine Khoury-Haq said she was proud of how the business had responded to the attack and that it highlighted many "strengths"."
Apparently poor decision making and risk management is a "strength" now.
Remember that someone inside CoOp decided that it wasn't worth spending 0.25% of this amount per year to prevent this loss.
BBC News - Co-op says cyber attack cost it £206m in revenue
www.bbc.com/news/article...
If audits are a nightmare, you're doing them wrong.
1. Prepare a list of documents that the auditor is likely to want to see.
2. Plan to produce these documents across the non-audit period.
3. Embed documentation and evidence requirements into business processes.
20.09.2025 08:35
4. Check everything is in place before the audit starts.
5. Meet with the auditor and give them access to all the evidence that you've collected.
6. Meet with them after they've had a chance to review everything to see what else they need.
7. Be honest if you lack something they need.
Although this isn't a foolproof scheme, it's amazing how many companies ignore audits completely until they need to be audited and then panic!
I've had three "invitations" to attend security conferences this week, where I've been offered a chance to attend as a VIP "for only £199.99!".
They are successfully discouraging me from attending in any capacity.
I abandoned Chrome a couple of years ago.
Getting used to being without it took some time, but there are far better browsers out there.
Will the parents or guardians of little Donald please come and collect him from the visitors centre at Windsor Castle?
17.09.2025 06:57
California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing
via @suzannesmalley.bsky.social & @therecordmedia.bsky.social
Ah, that takes me back!
I remember the TV advert where a Big Trak delivered an apple with the optional tipper (which I swear didn't exist, as I didn't know anyone with one!).
The point is that the purpose of any security function is to support the business in whatever format that takes. Even if you think that's a dumb request, you do it or you challenge it with a strong business case explaining why it's a dumb idea. Refusing because of your ego never goes down well.
14.09.2025 10:28
Does holding certificates make you secure? No, but it gives you a baseline.
And having a baseline is far more valuable than people who don't hold anything because they believe that the certs aren't worth much.
From a business angle are non tech people going to overlook a SOC 2?
No wonder information and cyber security are in such a state when the industry is full of "senior" people who don't understand the basics.
Knowing what different reports and audits mean is essential to assessing risk and implementing controls.
"PCI DSS isn't about security, it's just a best practice. I need to see your full pentest report.".
Um, no.
Firstly, a QSA-audited PCI DSS assessment is a security assessment.
Secondly, full pentest reports are confidential.
Thirdly, the QSA assessed the pentest!