The InfoSec Blog

System Integrity: Context Is Everything

Category: How-to

September 11, 2016

Everybody wants in on “Cybersecurity”

Intel Sets McAfee Free … http://www.databreachtoday.com/blogs/intel-sets-mcafee-free-p-2244? … becoming what Intel bills as one of the world’s biggest “pure-play cybersecurity companies.”…

November 8, 2015

The fatal flaw in IT Risk management

Interviewing is a much better method than self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…

August 30, 2012

Marketing Is Dead – Harvard Business Review

http://blogs.hbr.org/cs/2012/08/marketing_is_dead.html Of course you have to have a catchy title, but what this really says is … in today’s increasingly social media-infused environment, traditional…

August 9, 2012

How to build an asset inventory for 27001

How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What are assets…

May 17, 2012

How to get a job in security

http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/ I often get hit on by wannabes who want to – as they put it – “break into security” and get a job…

January 17, 2012

How to decide on what DVD backup software to use

You do do backups, don’t you? Backups to DVD are easy, but what software to use? – How are you managing the backup archives?…

November 13, 2011

Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA …

What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level? I’m asking about a…

August 6, 2011

The Decline of the Physical Desktop

http://www.eweek.com/c/a/IT-Management/As-Foretold-by-Desktop-Managment-Tools-588370/ What’s interesting here is that this isn’t preaching “The Cloud” and only mentions VDI in one paragraph (2 in the one-line expanded version)…

March 1, 2011

Security and efficiency

You gotta love the low-tech solution. It’s really never NOT about people, is it? 🙂 Darn tooting right! It’s always people. Any way you…

May 19, 2010

The Classical Risk Equation

What we had drilled into us when I worked in Internal Audit and when I was preparing for the CISA exam was the following…

February 5, 2010

The checklist revolution works

http://www.smartplanet.com/technology/blog/rethinking-healthcare/the-checklist-revolution-works/838/ I can see the reasoning behind why doctors would object to check-lists, but it makes me wonder why so many corporate IT departments,…

January 6, 2010

The Need to Understand Culture

Some references for “The 11th Domain” I’m going to respond to this as broadly as possible. This is not a subject like “access control”…

November 6, 2009

Speil Chequers

Yesterday, my friend and colleague, Rob Slade, noted that … Idly leafing through yet another IT executive rag (preparatory to recycling it), and noticed…

October 6, 2009

About creating Corporate IT Security Policies

As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…

May 5, 2009

The U.S. has 18 percent of its machines controlled by botnets

http://blogs.zdnet.com/BTL/?p=17459&tag=nl.e589 A short while ago I read an article that tried to present both sides of the issue of whether companies should shut down…

May 4, 2009

OWASP Top Ten is really the OWASP Top 6.5

http://secureme.blogspot.com/2005/10/owasp-top-ten-is-really-owasp-top-65.html This is somewhat dated, but so what? Most of the points raised still hold valid. It opens: CIO/CSO: “I just…

August 27, 2007

Ten (+1) reasons to treat network security like home security

http://blogs.techrepublic.com.com/security/?p=274 It’s a good week at TechRepublic for security articles. In the light of a number of threads this last month in the various…

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity
