TLS secures my data, right?
You have to understand that TLS, by design, is intended to have all data read by
anyone without any authorisation checks.
PCI DSS - Are AWS KMS and CloudHSM suitable?
A look into the suitability of AWS KMS and CloudHSM for use with workloads
in-scope of PCI DSS.
Who owns
Australia - Where Compliance and Regulation Obligations are Unlawful
The Australian Government's controversial encryption bill passed the Senate
[https://www.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944]
Exploiting Orphaned Webserver Files
> Detect as a means to defend
The idea of this attack is to identify old dependencies with known exploits.
Preparing for Independent Penetration Testing
White box
Commonly used by organisations after a black box pentest to validate controls,
or as an assurance to the
Information Security strategy tips for startups
Information Security is a broad-reaching area of concern for your business. In
the enterprise world a large component of
Vendor attestations prove nothing about your systems
Over the years I've been tasked to implement controls as a developer or
self-assess and design controls that
ASD Essential Eight Mitigation Strategies to Detect Cyber Security Incidents and Respond
The Australian Cyber Security Centre (ACSC) has developed The Essential Eight
which are mitigation strategies that organisations can
Responding to a troll GDPR Subject Access Request - Australian/NZ Version
The General Data Protection Regulation (GDPR) guidance in this post is
experience based and your own response should be reviewed
GDPR compliance beyond Europe
GDPR comes into effect in May 2018 and one of the buzz phrases you might have
heard is
> the