«

An Introduction to Risk Analysis

An Introduction Far from proposing you a full formation to ISO 27005, this short post will introduce to you the basis to keep in mind before starting any new Security Project. Indeed, contrary to other investments, security won’t bring new value to your company Business; instead, it gives you the promise to protect your current value. As I’ve already discussed with students in a recent lecture, I gave on the Risks of IT Outsourcing, when you subscribe to a new outsourcing contract, concerning security, the External Service Provider (ESP) has an obligation of means he should apply rather than results.…

Read more »

The three container security golden rules

As containers became a standard in IT applications, enumerating a few security best practices is now a business need. Therefore I’ve defined those three golden rules to keep in mind before pushing a new image for production to your company container repository. I Careful with share volumes you will be Contrary to a Virtual Machine, a Docker container uses the host kernel directly, so in case of a kernel vulnerability restricted permissions on shared resources won’t protect you from an attacker.…

Read more »