It used to be there wasn’t much you could do when an incident occurred. Inform a Manager or two, maybe send an email or fill in some details on a spreadsheet, maybe even speak to the security team. But what about the cost? How much was this costing your company? How many man hours would be lost? And how could you ever justify the cost of expensive network security if you had no evidence to back up the need for such protection? You knew your managers (especially the bean counters) wanted answers regarding return on their investment even if they weren’t directly saying it. Oh what joy to be able to justify security spend in terms of the incidents occurring and those that you had demonstrably prevented!

But then, just as all hope was lost and the world was fast becoming as incident prone as Laurel and Hardy…in the thick fog of confusion and uncertainty…came a new kind of hero. A programme so sophisticated it could deliver accurate information on the types and costs of all types of sensitive incidents – from security to regulatory compliance and from health & safety to data protection. A programme so adaptable it could enable the specification and identification of the incident types that relate to your organisation, seamlessly tie in all the necessary players into an ideal response to any sensitive issue and report on the overall trends in security incidents and the actual financial impact. A programme so powerful it could justify your requirements for additional or modified protection and security budgets by providing hard data to back up your requirements.

Blackthorn™ had arrived…

Blackthorn, a secure incident database, was the brainchild of Neil Hare-Brown. He believed that there was a need for a more systematic way of recording and managing incidents. Such a system would be markedly different from help desk systems as it would have a strong focus on integrity and the provision of legally admissible output. It would also provide specialist tools for both the investigation of, and recovery from the impacts of sensitive incidents. A sophisticated workflow would drive the incident management process.

Slowly, the world began to notice. Maybe there was a need for improved security incident management? Maybe reporting alerts and incidents were just as important for the stability of a company as other security issues – perhaps even more so!

Blackthorn slowly began to grow. With new modules enabling the management of assessments and cross-correlation of incident and assessment data in a module for managing operational risk, it was becoming the powerful tool Neil had always hoped. At this year’s Infosec’07 the age of Blackthorn had arrived…

What's in a name? that which we call a rose
By any other name would smell as sweet;
Juliet, Shakespeare’s Romeo and Juliet

QCC were once again at Infosec’07 and we were the talk of the show! Using an ingenious mix of information, fun and cute girls, the QCC stand was THE place to be at this year’s event. And come they did….

We had film crews and journalists, managers, executives and government officials; we even managed to attract students! We are still debating if the students were there for the free gifts!! But for whatever reason, Stand C164 that housed QCC was one of the most popular. But how did it all start?

A long time ago…when planning for the show, Neil Hare-Brown, CEO of QCC, came up with an idea. Like all ideas that are a little bit different, it was met with scorn and some ridicule. A game…at an information security show?? Whatever next…? Bears riding bicycles? But like all good CEOs, Neil persevered. His enthusiasm for the idea, for the game, became infectious. Maybe the CEO was right, maybe a game was just what Infosec’07 needed!

The game was simple, a coconut shy representing Risk. The object of the game was to show, by using tin cans and juggling balls, that no matter how much control you place on an asset, it was still vulnerable to threats. Simple. Then came the hard part. Turning the idea into reality. From thought process to paper to the actual build, many people worked on the stand. From flash animators to graphic designers to builders, from suppliers to models, all shared a common goal, to create a stand that would remembered.

Over one thousand people visited our stand. Over one thousand people will remember the stand.