CISO Central - practical information security advice

Welcome to CISO Central, the information hub for Information Security professionals.

This site is intended to provide practical cyber & information security advice to assist you in your work, rather than to simply repeat news or statistics about how bad things are. The emphasis is very much on how to actually fix things, not simply lament the latest ‘challenge’.

We hope this service will be of practical use to you and we will be delighted to hear from anyone interested in contributing their own real-world advice and experience.

(Due to spammers, it is necessary to register and log in before you can contact us. Again because of spammers, your registration will be checked by a human before being authorised, so if you use an apparently random name, your registration may be cancelled. Sorry, but we don’t want to fill this site with spam content.)

A Tour of Cyber Security

Wondering where you start in building a cyber security capability and what you need to consider? This white paper provides a whistle-stop tour: a mile wide and an inch or two deep, but enough to give you an idea of what to work towards and what you need to consider.

There is a lot of work involved and a logical flow of how you get there. You will need to go back and forth in your thinking as it’s hard to get it nailed on first pass.


Cyber Hygiene & Attack Analysis Methodology

What is ‘Cyber Hygiene’ and how do you really set about analysing attacks you observe and using this information to make yourselves better prepared for whatever may come next?

This article explains how to practice ‘Cyber Hygiene’ and how to structure observations you make and form an analysis that can help you to be better prepared ‘the next time around’.


Insights to Modern Cyber Threat Intelligence

What truly makes up Cyber Threat Intelligence and how to differentiate between data, information and intelligence and their respective uses?

This article explains how analysis can help you to define and understand the relationships between seemingly disparate pieces of information and how they can form a picture. These relationships and commonalities are key to turning information into intelligence.


Practical ways to combat fraudulent Email

Does your organisation suffer ‘brand abuse’ by spammers sending fraudulent Email to your customers and the public?

Would you like to do something about this abuse of your organisation’s name and reputation? Then check out our ‘Recipe of real-world controls’ White Paper for a complete ‘How-to’ of combatting the spammers and regaining control of your domain name.


Wondering about your options to mitigate DDoS attacks?

Denial of Service (DoS) attacks are back in the news and everyone seems agreed that the attacks are getting bigger, badder, more sophisticated and more frequent.

If you’re considering your options, this guide gives you some background and explains the bigger questions you’ll need to consider.


Why POODLE is killing off SSL and where TLS is going?

The recent announcement of the POODLE vulnerability in SSL version 3 is just the latest in a string of high impact security issues that have characterised the second half of 2014.

This article aims to provide the background to the attack, its implications for your infrastructure and also delves into further TLS changes expected during 2015.
