by Jesper Kråkhede, Sweden
Posted in Security Architecture on Jun 2nd, 2017
As you read in my previous message I´m joining Microsoft. One thing you have to do at MS is to return to the school bench as there is so much to learn. As for now I´m only allowed access to external material so let me share with you a few views on the PAW PAW […]
Posted in Security Architecture on May 18th, 2017
Following my last post a few clients started asking me about the future of ransomware. I brought up this picture showing a number of predictions I have done during the years and when they were found in the wild. One prediction is that more failures will happened, either intentionally or unintentionally, and that will start […]
Posted in Security Architecture on May 16th, 2017
Ransomware makes you wanna cry and the name of the latest outbreak is fitting. You have most probably read 100ths of post regarding how to protect yourself moving forward and I will not repeat those tips and tricks but instead focus on some real-life experiences that actually prevented the ransomware in the first place: 1. […]
Posted in Security Architecture, Technology on Apr 5th, 2017
Following on the administrator is the DBA, a person that is almost mythical as it´s a very scarce resource. During my years as a DBA I always had full access to everything within the database and as many databases was run under domain admin accounts I could do anything in the environment that I wanted. […]
Posted in Security Architecture on Apr 3rd, 2017
Many years back I was always saying: There are two people that has full control over all the information in your organisation: The CEO and the administrator…and I´m not sure about the CEO. During my time as an investigator I have found numerous instances of Microsoft Office installed on file servers where there was very […]
Posted in Business, Security Architecture on Mar 23rd, 2017
A client of mine was hit by a simple ransomware this morning and it costed her one workstation and a few hours in reinstallation. She has listened to me and implemented a good way to manage reinstallation of clients and take backups. This specific company has removed file shares and are using SharePoint instead so […]
Posted in Security Architecture on Mar 22nd, 2017
Sometimes I have time to sit down and reflect on the world and try to look a bit further than the following meetings of the week. Having had a number of discussion with my clients it is very obvious that different cloud services is the future, be it IAAS, PAAS or SAAS. During those discussions […]
Posted in Security Architecture on Feb 7th, 2017
In my previous posts, I wrote a bit about security architecture. Looking at how to implement this in real life you need to start looking at your security posture. But what is your security posture exactly? When you start implementing your security you will have a number of hardware and software based protections. You will […]
Posted in Security Architecture on Feb 5th, 2017
Now that you understand where a security architecture start it is time to look at the full cycle of security architecture. When you have a risk register with risk for different assets you need to start working on how to mitigate those. The first task is to define the security mechanisms that are needed to […]
Posted in Security Architecture on Jan 5th, 2017
It´s not that easy to start creating a security architecture when it’s hard to define in the first place. A security architecture has a few starting points. The first one is the realisation that you have something to protect. That may sound as a simple thing but without your assets defined you cannot define a […]