This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The SoA should outline the measures to be taken in order to reduce risks such as those mentioned in Annex A of the standard. These are based on ‘Controls’. But if you …
Call me a dinosaur (that’s OK, since its the weekend and dressed down to work in the garden) but … Surely COMPLIANCE is a binary measure, not a “level of” issue. You are either in compliance or you are not. As in you are either deal or alive.
Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are made by the social engineers and to glean information from your employees. Yes but as RSA demonstrated, it is a moving target. You need to have …
http://hdguru.com/is-your-new-hdtv-watching-you/7643/ well 28 years actually … So, the two-way tv sets of Orwell’s novel have arrived, over a quarter of a century late! It just goes to show. Science fiction things like the Star Trek communicator (Motorola flip phones) or the tricorder (some of the enhanced versions of the Newton) …
On the ISO27000 Forum list, someone asked: I’m looking for Risk statement for each ISO 27k control; meaning “what is the risk of not implementing a control”. That’s a very ingenious way of looking at it! One way of formulating the risk statement is from the control objective mentioned in …
http://www.infoworld.com/d/security/the-19-most-maddening-security-questions-187983 An interesting list, since it covers issues of public structural security. I recall reading that the greatest contribution to the health of individuals came about from good public sanitation and clean water, that is civic changes (presumably enabled by legislation) that affected the public in a structural manner. What …
http://www.nextgov.com/nextgov/ng_20120305_6368.php The Navy’s premier institution for developing senior strategic and operational leaders started issuing students Apple iPad tablet computers equipped with GoodReader software in August 2010, unaware that the mobile app was developed and maintained by a Russian company, Good.iWare, until Nextgov reported it in February. OK so its not …
© 2013 The InfoSec Blog
Powered by Esplanade Theme by One Designs and WordPress