Common endpoint baseline controls – removable media management

In this second post on common endpoint security controls, I’ll be taking a look at removable media. Some of the questions I’ll be exploring include: why is removable media such a risk? What is the state of the art in terms of technical controls? Are there alternatives to providing removable media for users within an organisation?

Read More »

Common endpoint baseline controls – AV

Endpoint security is a complex topic, and how endpoints are configured is dependent on the risk appetite of an organisation, the nature of endpoints being used, and the kinds of information being processed on endpoints. What is a good starting point, even perhaps a baseline, for endpoint security control? In this series of blog posts I’m going to explore some of the common baseline security controls used on endpoints, and hopefully highlight the importance of getting the basics right when it comes to the most critical devices in an organisation today.

Read More »

Cisco’s Talos Intelligence on Microsoft Patch Tuesday – July 2018

Lots of interesting patches this month, including around 18 critical vulnerabilities and some key software products are affected.

Patching should be actively managed. If you have urgent patches to apply for your business context, consider using accelerated patching steps.

Summer recess for BCS Dorset events – next event is the AGM

We’ve concluded our run of talks for BCS Dorset this evening leading into the summer recess. Our next event will be the AGM.

For more information please look at our website,

Join us at the next BCS event this week to hear from Geoffrey Darnton

Our next event for Dorset BCS is fast approaching, this Wednesday on the 4th of July. 

Our speaker is Geoffrey Darnton. He is co-author with Sergio Giacoletto of the widely used book – ‘Information in the Enterprise: it’s more than technology’.

Find out more at my previous blog post, including directions, parking and how to reserve your seat now.

Encouraging strong cyber security practices by employees: the first line of defence

End users are one of the key battlegrounds between organisational security initiatives and hackers.

Phishing, malware-laden email, and fileless attacks are some of the most widespread attack vectors, making end-users the first line of defence.

The SANS Ouch! Newsletter is issued monthly from SANS and provides some good quality guidance on topical issues in cyber security. Most importantly it is written in a way that non-specialists can understand and apply.

Adopting your own organisational bulletins on security, or even including them as part of a larger publicity programme, can make a big difference to organisational cyber health.