The Security Knowledge Centre and Blog

5 min read

What is Penetration Testing

Penetration testing, also known as pen testing or ethical hacking, is a process of testing the security of a computer system, network, or...

44 views

Another Breach! but who really gives a f**k!

David Riley

2 min read

Blog

Another Breach! but who really gives a f**k!

Significant and media worthy data breaches seem to be increasing, along with the lesser breaches that only us InfoSec peeps see on security

12 views

Anchor 1

What is ISO27001?

ISO 27001 is a globally recognised international standard for managing information security. It provides a framework for implementing and maintaining an effective Information Security Management System (ISMS) that is designed to protect the confidentiality, integrity, and availability of an organisation’s information assets.
What is Penetration Testing?

Penetration testing, also known as pen testing or ethical hacking, is a process of testing the security of a computer system, network, or web application by simulating an attack by an unauthorized user. The goal of a penetration test is to identify vulnerabilities in the system before a real attacker can exploit them.
What makes a good password?

A good password should be long, complex, unpredictable, and unique. This means it should have at least 12 characters and include a mix of upper and lower case letters, numbers, and special characters. Avoid using common words, predictable patterns, or personal information. Each account should have a different password to prevent multiple accounts from being compromised if one is breached.
What’s the difference between a password and a passphrase?

A password is typically shorter and more complex, which can make it harder to remember. For example, "P@ssw0rd123!" is a strong password but can be tricky to remember. A passphrase, on the other hand, is a longer sequence of random words, like "HorseBatteryStaple2024!". Passphrases are generally easier to remember and can be even more secure because of their length.
Are password managers safe to use?

Yes, password managers are generally safe and very useful. They help you create and store strong, unique passwords for all your accounts, reducing the risk of using weak or repeated passwords. They also automatically fill in login details, making it easier to manage multiple accounts. However, it’s important to use a strong master password for your password manager and enable two-factor authentication if available. While there are some risks, such as the password manager being a single point of failure, the benefits often outweigh these risks.
Why is it important to use a different password for each account?

Using the same password across multiple accounts is like having the same key for all your locks – if someone gets hold of that key, they can access everything. If one of your accounts is compromised and your password is exposed, all your other accounts using the same password become vulnerable. By using a unique password for each account, you limit the damage if one of your passwords is ever stolen or discovered. That way, only the compromised account is at risk, while your other accounts remain secure.
What are the pros and cons of using a password manager?

Password managers are software applications that securely store and manage all your passwords, so you don't have to remember them individually. The main pros of using a password manager are: You only need to remember one master password to access all your other passwords. Password managers can generate strong, random passwords for each account. Your passwords are stored in an encrypted vault and can sync across all your devices. However, the cons are: If your master password is compromised or forgotten, you lose access to all your accounts. You become dependent on the password manager software, and if it has issues or shuts down, you may lose access to your passwords. So, while password managers offer convenience and security benefits, it's important to understand the potential risks and have a backup plan in case of any issues.
What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is a security method that requires more than just a password to log into an account or system. In addition to your password (something you know), MFA requires another form of authentication, such as a fingerprint or facial scan (something you are), or a code sent to your phone (something you have). This extra layer of security makes it much harder for unauthorized people to access your accounts, even if they have your password.
Why is MFA important?

MFA is important because it adds an extra level of protection against cyber threats like hacking, phishing, and identity theft. Passwords alone are becoming increasingly vulnerable, as cyber criminals develop more sophisticated ways to steal or guess them. With MFA, even if your password is compromised, unauthorized individuals still can't access your accounts without the additional authentication factor(s). MFA significantly reduces the risk of account takeovers and data breaches.
How does MFA work, and what are some common examples?

MFA works by requiring two or more different methods of authentication to verify your identity. Common examples include: Entering your password, then entering a one-time code sent to your mobile phone (this is known as two-factor authentication or 2FA). Logging in with your password, then using your fingerprint or facial recognition on your device. Entering your password, then inserting a physical security key into your computer's USB port. The idea is that even if one factor (like your password) is compromised, an attacker still can't access your account without the other factor(s) that only you have access to. This makes it much more difficult for cyber criminals to breach your accounts.