The InfoSec Blog

System Integrity: Context Is Everything

Category: 11th Domain

September 20, 2016

UN privacy head slams ‘worse than scary’ UK surveillance bill

http://www.theregister.co.uk/2015/11/10/un_privacy_head_slams_uk_surveillance_bill/ Two points in this caught my attention. Cannataci also argued forcefully that mass surveillance was not the way to handle the threat from…

September 19, 2016

Some thoughts on the performance of SSD RAID 0 arrays

My friend Alan Rocker and I often discuss ideas about technology and tradeoffs. Alan asked about SSDs for Linux: > I haven’t been following…

July 2, 2016

Nobody wants to pay for security, including security companies

https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…

March 22, 2016

Cyber risk in the business

https://normanmarks.wordpress.com/2015/06/05/cyber-risk-and-the-boardroom/ The take-away that is relevant: Cyber risk should not be managed separately from enterprise or business risk. Cyber may be only one…

November 8, 2015

The fatal flaw in IT Risk management

Interviewing is a much better method than self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…

July 5, 2015

Cyber, Ciber or Syber?

Occasionally, people do ask: What exactly do you mean by “cyber security”? Or “cyber” for that matter. Please explain. “Steersman Security”? It seems to…

November 19, 2014

Should all applicable controls be mentioned in documenting an ISMS?

In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…

January 25, 2014

Most CEOs clueless about cyberattacks

http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…

August 25, 2013

The Truth About Best Practices

An article on Linked entitled ‘The Truth about Practices’ started a discussion thread with some of my colleagues. The most pertinent comment came from…

February 16, 2013

The #1 Reason Leadership Development Fails

http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn’t have thought, based on the title, that I’d be blogging about this, but then again one can get fed up with…

October 2, 2012

An “11th Domain” book.

http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herold makes elsewhere: Awareness training is important. I go slightly further and think that a…

September 14, 2012

Learning to Counter Threats – Skills or Ethics?

Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning…

July 2, 2012

Tight budgets no excuse for SMBs’ poor security readiness

http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hand is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…

March 23, 2012

Social Engineering and sufficiency of awareness training

Someone asked: If you have a good information security awareness amongst the employees then it should not be a problem what kind of attempts are…

February 8, 2012

Upside and downside: How I hate Journalists

http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them from making use of ‘insider information’; they just have to declare it within 30 days. No, wait,…

July 21, 2011

Economic Impact: Patent trolls chase app developers out of the U.S

http://www.linuxfordevices.com/c/a/News/Kootol-joins-Lodsys-as-a-patent-troll/?kc=LNXDEVNL072111 The Debt ceiling crisis will pass; even if there is a crash, the USA can recover from it … IF its core economic…

July 8, 2011

He’s not Ian Paisley

I was at a presentation yesterday. One of the vendor’s speakers, I’m sorry to say, was a CISSP. OK, he wasn’t Ian Paisley or…

March 1, 2011

Security and efficiency

You gotta love the low-tech solution. It’s really never NOT about people, is it? 🙂 Darn tooting right! It’s always people. Any way you…

February 24, 2011

Are *YOU* ready to give up yet?

Apparently (ISC)2 did this survey … which means they asked the likes of us …. http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html Faced with an attack surface that seems to…

January 16, 2011

Black Swan: “levels only experienced on average once every 500 to

http://news.discovery.com/earth/megastorm-californias-other-big-one.html Just in the last 15 years, since microwave technology aboard satellites produced images of water vapor in the atmosphere, scientists have come to…
