by Jesper Kråkhede, Sweden
Posted in Business, Compliance, Security Architecture on Sep 28th, 2014
The events currently unfolding at a large car producer points at a specific problem within security: The fears of letting other know. In many organizations today security has a somewhat impenetrable workflow. The board is briefed by the CSO or CIO with only a minimum off information according to “need to know”. Non-security personnel have […]
Posted in Business, Security Architecture on Jul 28th, 2014
Running a small business with an unknown brand is not protection enough anymore or attacks. As soon as you have a web presence you will be scanned and possible hacked. The reason that small business are in scope for attacks now is that they quite often have lower defences and simply are easier to breach. […]
Posted in Business, Security Architecture on Jun 21st, 2014
Military attacks are quite often interesting from the viewpoint that they will sooner or later find its way into the attacks geared towards different civil companies. I doubt that there is a possible gain to target civil nuclear centrifuges but of course there are other possibilities. Reading this article you get a bit of an […]
Posted in Business, Security Architecture on Jun 20th, 2014
If you ever been to Sweden you now that the third Friday in June is Midsummer Eve and all of Sweden goes to celebrate that summer has finally arrived. I´m not an exception here so just a short post today. If a credit card costs as much as $40 and is resold for $20, $10$, […]
Posted in Security Architecture on Apr 22nd, 2014
Not all my clients are big international companies with subsidiaries all over the world, on the contrary quite a number are small to medium companies with a lot less budget to manage security and hence a lot of my assignments are focused on minimising cost while giving them as much security as possible. As very […]
Posted in Security Architecture on Mar 15th, 2014
You may have heard the term ‘targeted attacks’. This is simply an attack that has pinpointed a specific company or person as a target and most possibly uses APT to get to it. Intellectual property has been a prime target for years but during the last year national disputes, diplomatic espionage and full blown military […]
Posted in Security Architecture on Feb 27th, 2014
’Follow the money’ is a very useful phrase when working with financial institutions. It´s a rather common misperception that there are money everywhere in a bank. Most data that flows is mainly different kind of confirmation or personal data that is not connected the highly regulated transaction flows. In one end of the money flow […]
Posted in Methodology, Security Architecture on Jan 2nd, 2014
Remember the days of Melissa and Love letter? When you were breached it very visible and very clear to everyone in the office. Those days are over since long. Nowadays you may not even know that you have a breach and the only way to find it is using different surveillance tools to find anomalies […]
Posted in Business, Compliance, Security Architecture on Dec 14th, 2013
What on earth is AML Security architecture? I sometimes get the question how you create a security architecture for AML (Anti Money Laundering) and I´ll try to answer it here. A loose definition is that AML is a set of regulation dictating that you have to make sure your financial institution does not take part […]
Posted in Business, Security Architecture on Nov 16th, 2013
Sitting at a local coffee shop discussing security architecture with a client is sometimes hilarious and sometimes very intriguing. Today I had two meetings regarding possible assignments for creating a security architecture. Both my clients are well aware of what security architecture is and what you need to do to create one but in one […]