Tag Archives: cloud security

How CVSS Works: A Guide to Vulnerability Scoring

The Common Vulnerability Scoring System (CVSS) is a widely used framework for evaluating and communicating the severity of software vulnerabilities. First introduced in 1999, CVSS has become the standard scoring method for organisations to prioritise security efforts and manage vulnerabilities systematically. By assigning numerical scores to vulnerabilities based on their characteristics, CVSS enables teams to assess risks and allocate resources effectively.


Overview, Summary, Thoughts, and Recommendations on the NCSC Cyber Security Risk Management Guidance

This article evaluates the NCSC’s Cybersecurity Risk Management Guidance, highlighting its strengths in broad coverage and practical tools but identifying key weaknesses, including the lack of an integrated end-to-end framework, inconsistent depth, and limited audience-specific tailoring. It recommends strengthening the framework’s integration, providing accessible tools, addressing organisational resistance, and incorporating strategies for emerging technologies and black swan events. These enhancements could elevate the guidance to a truly comprehensive standard for diverse organisations.


Sun Microsystems Leads the Charge on Cloud Sovereignty and Security: Wayne Horkan, Sun CTO for the UK and Ireland, to form Cloud Security Forum

In May 2009, at the Cloud Expo Europe in London, I announced my intention to form a cross-sector forum aimed at addressing the pressing security issues surrounding cloud computing. The goal was to ensure that cloud computing, especially as it becomes a critical part of the UK’s national infrastructure, remains secure and compliant with UK laws and regulations.
