Gary Hinson
Infosec pro with a keen interest in security awareness, standards and metrics


NBlog September 20 - Phishing awareness & cultural change
This plopped into my inbox last evening at about 8pm, when both ANZ customers and the ANZ fraud and security pros are mostly off-guard, relaxing at home. It's clearly a phishing attack, obvious for all sorts of reasons (e.g. the spelling and grammatical er...

NBlog September 19 - what is 'security culture'?
For some while now, I've been contemplating what security culture actually means, in practice. Thinking back to the organizations in which I have worked, they have all had it to some extent (otherwise they probably wouldn't have employed someone like me!) but...

NBlog September 15 - symbolic security
An article bemoaning the lack of an iconic image for the field of “risk management” (e.g. the insurance industry) applies to information risk and security as well. We don’t really have one either. Well maybe we do: there are padlocks, chains and keys, h...

NBlog September 13 - surveying the corporate security culture
Inspired perhaps by yesterday's blog about the Security Culture Framework, today we have been busy on a security culture survey, metrics being the first stage of the SCF. We've designed a disarmingly straightforward single-sided form posing just a few s...

NBlog September 12 - Security Culture Framework
In preparing for our forthcoming awareness module on security culture, I've been re-reading and contemplating Kai Roer's Security Culture Framework (SCF) - a structured management approach with 4 phases. 1. Metrics: set goals and measure. Speaking as an ad...

NBlog September 11 - Security culture
Last night we watched a documentary on the History Channel about 9-11 - a mix of amateur and professional footage that took me back to a Belgian hotel room in 2001, watching incredulously as the nightmare unfolded on TV. Tonight there are more 9-11 document...

NBlog September 8 - security certification
Aside from the elevator pitch, another short awareness item in our newly-revised Information Security 101 module is a course completion certificate, simply acknowledging that someone has been through the induction or orientation course. I say 'simply' but...

I learned today that the authorities have finally responded to the limitations of laboratory testing of vehicle emissions by introducing road-based testing on actual vehicles on actual roads. We can thank VW for this: their public outing over 'bending the rules' (yeah, right) through special engine management system functions and configurations designed to detect and pass the laboratory tests meant that pure lab tests can no longer be relied upon. I wonder if new vehicles with GPS capabilities will now mysteriously reduce their emissions in the geographical vicinity of the known testing places where on-road tests are most likely to occur? The game continues. Meanwhile, the rest of us choke on the fumes and suffer extreme weather such as we see on the news right now.

NBlog September 6 - passwords are dead
I've blogged about passwords several times. It's a zombie topic, one that refuses to go away or just lie down and die quietly. On CISSPforum, we've been idly chatting about user authentication for a week or so. The consensus is that passwords are a lousy wa...

NBlog September 4 - InfoSec 101 elevator pitch, final part
Moving on from our discussion of the first two paragraphs of this month's elevator pitch paper in part 1 and part 2, here's the closing paragraph: As a manager, you play a vital governance, leadership and oversight rôle. Please make the effort to engage w...