Corporate Forensics Presentation at ISSE 2017

For organisations, wether big or small, the priority when an Information Security incident happens is to resume operations as quickly as possible and minimise disruption. What is very often overlooked is the management of digital evidence generated by an incident, whatever its nature. The sessions endeavoured to explain how to… Continue reading

CEN-CENELEC Workshop on Safety & Security

The CEN-CENELEC workshop on Functional Safety & Cybersecurity last March 16 brought together industry actors and European standardization development organizations. The engagement generated was successful and will be an integral part of the future standardization roadmap for cybersecurity. I was invited to give a keynote speech on the perspective of… Continue reading

Information Security: Lessons from Intelligence Agencies

Information management and security: lessons from intelligence Information in digital form is arguably the most important asset for modern organizations. Still, even today, the word “security” is often associated with guards in uniform, door locks and access control. While physical security is still fundamental, even to protect information, information security… Continue reading

Developments in ISO digital investigations international standards

Last October in Rome ISO/IEC SC 27 held its 45th Meeting. SC 27 is the ISO subcommittee responsible for information security standards. We saw a significant evolution in the work regarding digital evidence and digital investigation, first and foremost the formal publication of ISO/IEC 27037:2012  (identification, collection, acquisition and conservation of… Continue reading

What’s the place of Digital Forensics in corporate Information Assurance?

Digital Forensics is not usually considered an important part of Information Assurance process and the management of Information Security, but it should, when we consider the big picture regarding Information Security and Cybersecurity. Nowadays all organizations, be them private corporations, public bodies, NGOs etc need to approach Information Security knowing… Continue reading