Security awareness: the tale of the Minister of Fisheries and his love of an Iranian former beauty queen

An interesting story worthy of inspiring books and TV shows is unfolding in Norway. The Minister of Fisheries, Per Sandberg (born 1960), from the Progress Party (a populist right party), spent his summer holiday in Iran together with his new girlfriend, a 28-year-old former beauty queen who fled to Norway to escape forced marriage …

Making Django, Elastic Beanstalk and AWS RDS play well together

A couple of days ago I decided I should learn a bit more hands-on AWS stuff. So I created a free tier AWS account, and looked around. I decided I'd take a common use case: deploy a web application to Elastic Beanstalk and add a domain and SSL. Setting up tools Step 1: reading documentation. …

How a desire for control can hurt your security performance

Lately we have seen a lot of focus on security in social media - professionals, companies, organizations trying to increase security awareness. A lot of the information out there is about "control" and "compliance". The downside of a risk management regime based on strict rules, controls and compliance measures has been demonstrated again and again …

How to manage risk and security when outsourcing development

Are you planning to offer a SaaS product, perhaps combined with a mobile app or two? Many companies operating in this space will outsource development, often because they don't have the right in-house capacity or competence. In many cases the outsourcing adventure ends in tears. Let's first look at some common pitfalls before diving into …

Do you consider security when buying a SaaS subscription?

tl;dr: SaaS apps often have poor security. Before deciding to use one, do a quick security review. Read privacy statements, ask for security docs, and test authentication practices, crypto and console.log information leaks before deciding if you want to trust the app or not. This post gives you a handy checklist to breeze through your …

How to build emergency preparedness for cybersecurity incidents

Business continuity and emergency preparedness have become familiar concepts for many businesses - and having such risk management practices in place is expected in many industries. In spite of this, apart from software companies, inclusion of cybersecurity and preparing for handling of serious cyber attacks and security incidents is far from mature. Many businesses have …