BSides Scotland 27th April

ISSA-UK is going to Scotland this spring!

BSides Scotland will be taking place on 27th April at the Royal Concert Halls in Buchanan Street, Glasgow.  Last year they run a very successful event in Edinburgh and this year we expect it will be even better.

They have sold out of tickets so apologies if you are missing it but if you are one of the lucky ones to grab a ticket then expect a packed day of talks, workshops and competitions – including the “Cyber Cake Challenge” with some great prizes.

This year ISSA-UK is proud to support and attend the event and together with the BSidesScotland Crew look forward to seeing you there!

If you already have a ticket and are an ISSA-UK member please volunteer an hour or two to be at our table.

If you are a member of ISSA-UK without a ticket but willing to volunteer get in touch with me ASAP iggy[@]

Why SOC?

I had been recently asked "why SOC? I get the how and the what, but missing g the why..." and i found this brilliant question, got me scratching my head for a bit, guess too many years doing the how and what have its affect after all.

So here are some of my thought, hope its gets you thinking as well.

There are many thoughts and opinions around this topic and I will try and consolidate some for focus and simplicity.

It’s also very important to remember that the term SOC (Security operation centre) have a wide definition in terms of its specific deliverables and co-operation within the enterprise.

Correlation – Finding needle in a haystack become easier with automation and help business focus and respond appropriately to the evolving threat landscape, Correlation of information systems events assist in faster times to detection & response (MTTR).



Assisting in getting better ROI from technology investment, “single pane of glass” central log location, configuration tuning… keep the organisation running.

Risk reduction.


SOC assist the business in meeting compliance regulatory requirements.

Provide evidence for/in investigation.

Separation of duties.

Enhanced security

Actively monitoring and correlating infrastructure users and data events assist in faster detection time rapid response by dedicated team.

Reduce the impact of an incident.


central location for collecting threat and activity information, single pane of glass for available controls.



Ransomware - A Simple How To ...


A How To ...maxresdefault

n recent months there has been an increasing rise in the number of Ransomware related incidents hitting organisations.  While many occurrences do not make the public headlines, to security professionals and observers there has been a distinct and discernible trend taking shape.

The more excitable parts of mass media seem to have found the newest "hot & scary" story to relay them on to the naïve, the innocent, the ill-informed regrettably and the impressionable – that sadly and too frequently are to be found in the public services and SMEs.

In many of my recent conversations with clients and colleagues on this topic, it seems that the focus and fears of non-security industry professionals seems to undermine what many security professionals would agree is essential rigour and practice.

So in the tradition of many like-minded individuals, I thought it was time to share my thoughts on the topic, which to most security professionals will be an obvious basic and good practices approach mitigating and preventative operational controls.

The Small Print

The thoughts and opinions expressed in this paper are entirely my own and are not intended in their entirety or partially to be those of my current, past or future employers. As with all best practices, consider carefully how to use any advice and approach for your specific circumstances, especially the operational context. Please consider carefully any and all potential consequences, especially the unintended, that could arise for your environment.

This paper seeks to promote what many experienced security industry experts consider and agree are best practices to minimise the exposed digital landscape of an organisation to ransomware and malware attacks.

Notably in this paper, I have sought to keep all references confined to a technology rather than to a vendor, with the sole exception of Microsoft.  This is because I consider this to have been the prime OS candidate affected by ransomware to date.  As with all things in security, this may be subject to change.

Best practice

Before we kick off

First things first, what is ransomware? There are long descriptions available online in case you are not familiar with the problem. As per Wikipedia, “Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction

Like most malware related guidelines employing good housekeeping across the IT estate will help to sleep better at night.  Controlling the inbound data filtering bad traffic which importantly includes but is not limited to email traffic and web activity while employing common sense and basic controls will help significantly.

Good housekeeping means the boring stuff like making sure hosts are patched, maintained, protected and audited. Seems and sounds simple doesn’t it?  As it

should be, but many IT estates aren’t quite there, completely or consistently.

We need to include things we can’t articulate in a technical statement such as organizational culture, management commitment stakeholders and values into our culture and conversations.

Keeping a watching brief and sanitising network data which might have passed the initial controls, for example: monitoring the DNS through sampling or capturing some network traffic based on the required use case of the prevailing moment.

Taking technical steps to limit, restrict or prevent are important but we must not forget our users whom we can enable train and increase awareness helping them to become the frontline defence of the organisation.

Weave all the above together and you will have a much healthier infrastructure.


You can download the full document here, fill the required details for a link to the file. [email-download download_id="857" contact_form_id="757"]


ISSA International Conference 2015 - Chicago

Conference Diary - Chicago 2015

Day 1 – Morning - The ISSA International conference kicked off with a fantastic keynote speech by Vint Cerf ending with his current focus of intergalactic communication “How to send data packets to space and back”... I guess that there is plenty more to come from Prof. Cerf. An amazing person and the applause he received suggested that the room agreed.

Next there was an insightful CISO panel: Microsoft, Oracle, Harland Clarke Holdings Corp, Trek Bicycle Corporation and Texas gov. My favourite discussion topic was "How to advance the culture of security in your company from the corner office and beyond". Great contributions from all panel members.

I found myself wondering through a few of the "tracks" for the day. Started listening to Moshe Panzer who talked about SAP Security and other ERP system weaknesses while articulating the need to secure this environment and the challenges that come with this type of tech. The talk was presented with practical and technical explanations on what the real world challenges are and what his business does in that realm.

Naturally afterwards I gravitated into the Incident Response (IR) track as it’s a focus area of mine. The talks were phenomenal, "Preparing for the Big One" and "How to Accomplish Breach Response Readiness" were particularly memorable.

Evening – We went to 360 Chicago - a night out at the John Hancock building. Some amazing views of Chicago City and surrounding area with the bonus of being tilted downwards! BOMGAR sponsored an excellent light buffet and a lot of networking opportunities with the several hundred attendees. Check out the pics, you might even spot me there...

Day 2 – Morning - Started with yet another high profile keynote speech, this time from Dan Geer, who received a rapturous applause.

I attended a couple of IR sessions related to ISSA’s initiative around Cyber Security Career LifeCycle (CSCL). A huge amount of effort had gone into the CSCL space over the days and the leadership summit. To consolidate the topic, ISSA CSCL consists of 5 main stages in the career cycle of an IT security professional: i) Pre-Professionals ii) Entry-Level iii) Mid-Career iv) Senior Level v) Senior Leader. If you would like to get involved with this initiative, please do get in touch.

In addition to all the talks and sessions being held we also had a hall which hosted our sponsors. Familiar faces from our UK sponsors include Vanefi among others.

Overall it was a very educating experience and a fantastic opportunity for me to meet our US counterparts in person.


ISSA UK President Takes Advantage of the New Data Destruction Member Benefit

 Insertingintoshredder250815-smallGabe Chomic, President of ISSA UK, was the first member to have their personal hard drives destroyed at Data Eliminate Ltd. Gabe visited Data Eliminate’s premises in Central London to have three personal hard drives containing sensitive information securely destroyed.

Gabe assisted in, an
d witnessed, the destruction process by inserting his drives into the shredding machine and by inspecting the Corn-Flake-sized particles which emerged.

“The new data destruction Member Benefit the ISSA is offering in partnership with Data Eliminate Ltd should be really useful to ISSA members.   I am sure that many information security colleagues have handheld devices and hard drives which they have retained after the asset is no longer used in order to protect the informInspectingthefragments250815-smallation held on them. Now ISSA members can dispose of those items in a secure and environmentally responsible way,” said Gabe.

A 50% reduction is available to ISSA members on Date Eliminate’s HMG Corporate Grade Data Destruction Service. This includes the shredding of data bearing assets to 15mm x 15mm particles and a Certificate of Destruction showing the details of the assets destroyed.




For more details visit the Member Benefits page.

Interesting future for Crypto “exceptional access”

On Tuesday, the group — 13 of the world’s pre-eminent cryptographers, computer scientists and security specialists — released the paper, which concludes there is no viable technical solution that would allow the American and British governments to gain “exceptional access” to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.

ISSA-UK President speaking at "Project Camino" meeting

Mr Gabe Chomic, President of Information System Security Association UK (ISSA) is a panel member at the Project CAMINO Expert’s Workshop on June 15th/16th 2015 at Royal Holloway University on “Parameters for Guidance & Roadmap for the Prosecution of Cyber Crime in Civil, Criminal & Common Law.”


Gabe Chomic will be participating in the second session at 16-June 14.00hrs on the Legal approach to “Identity and Strong Authentication”.



The Expert’s Workshop is free to attend.
Please visit and use Password: cyber2015 to register to attend the workshop.


Computer Weekly Think Tank Present Mike Loginov

Great article from Mr. Loginov in recent computer weekly think tank publication.

Security Think Tank: Education, process and technology key to security challenge


Riding the social media wave

Social media has revolutionized both our personal and business lives over the past five years.  We can Tweet crime to our local police station. We can connect with companies on Facebook.  We can conduct extensive research on almost anybody and any company by conducting a Google search and reviewing social media profiles.  We can even arrange flash mobs and a single Tweet written in a few seconds can be read by tens of thousands of people within minutes.

From the beginnings of the humble email address as a unique online identifier, any one of us now have several online identities, complete with photos, employment history and even what we had for breakfast.  These identities persist.  We forget about old ones and set up new ones, whilst at all times this information is in the public domain for seven billion people in the world to hear. Without a doubt, by using social media, you will get heard.

Businesses have struggled to grasp social media and whether it construes a benefit or risk to the bottom line.  Most early non-adopters of social media simply enforced outright bans, as just saw social media as employees wasting time during working hours.  The employees simply waited until they got home, non-the-wiser that what they Tweeted could still bring their employer to its knees.  On another hand, some businesses that have opened up social media for their employees have ended up in court as they have failed to control what was being said and were held severally liable in libel cases.  Staff have had to be laid off, solicitors involved and public relations restored - no easy or cheap feat.

Either permitting or denying social media to employees in the workplace clearly presents a risk and that’s why all businesses, big and small, need to take action. There are no silver bullets or technological solutions that can stop your employees using social media and disclosing information. The problem can only be solved with a holistic people and process-based approach.

I would recommend at minimum a Social Media Policy and Security Awareness Programme to help tackle these issues.  Ensure employment contracts are correctly drafted.  Ensure your insurance covers the event of information disclosure and can assist with legal costs in the event of libel or confidentiality breach cases.  If your company does endorse social media, then setup your own Twitter and Facebook accounts so you can interface with employees and present consistent messaging to the outside world via your PR department, and via no other means.  It’s not a tough nut to crack, but you have to raise the security bar of everyone in your organisation to make your Social Media Strategy a success.

The worst you can do is do nothing.  Ride the social media wave and do not fall beneath it.