Author: Farayi Dzichauya

I often get asked by my friends and family how to stay safe online so I have decided to put something together for them. There is always friction between convenience and security – as a rule of thumb, the more secure something is the less convenient it is. There are obvious exceptions though. Here are…

Ransomware has been with us for a while and initially was mostly focused on encrypting individual devices. In 2013, CryptoLocker, a ransomware attack by the GameOverZeus organised crime group, combined strong public key encryption with cryptocurrency payments, making it a profitable business model. Attackers began to target large organisations instead of small businesses or individuals,…

Principle-based assurance (PBA) is an approach to cybersecurity assurance that focuses on the underlying principles of a system or process, rather than on specific controls or procedures. This approach is based on the idea that if the underlying principles of a system or process are sound, then the system or process is likely to be…

Software engineers typically make hundreds of decisions every day and in my experience no one sets out to write insecure code, so everyone is well meaning however in those decisions some have a bearing on security outcomes and some don’t. It is vital that developers spot security-relevant decisions as they are encountered, and have a clear…

Transport Layer Security(TLS), is a commonly used security protocol designed to facilitate secure communications over the internet. A typical use case of TLS is encrypting the communication between web applications and servers so the communication between your favourite browser and your favourite website online.  Key Security Considerations:  Only support strong protocols. The handshake protocol is an area…

On average how long does it take for a business to detect a data breach? In an IBM study in 2019 which looked at 507 companies and interviewed 3211 individuals in companies that had experienced a data breach in the last year, it identified that the average time to identify a breach in 2019 was…

This week, I stumbled across the NCSC blog post on how to keep your security monitoring effective. This is a topic that is definitely worth revisiting on a regular basis. Far too often I come across instances where security activities sound good but are implemented in a way that causes them to lack the effectiveness…

This weekend I was working on a project with my children who wanted to understand how the internet started and I thought would post part of the answers on here as well. The Internet protocol suite resulted from research and development conducted by the Defense Advanced Research Projects Agency (DARPA) in the late 1960s. It’s…

It systems have become very complex due to the prevalence of interconnected systems. As systems have evolved, most enterprise environments have leveraged on the many advantages offered by interconnected systems. This has meant that most businesses are heavily dependent on IT systems to remain operational. The majority of businesses now rely on their IT systems…

A big thank you to everyone who completed the survey. I will share results in due course.