September 11, 2016 Everybody wants in on “Cybersecurity” Intel Sets McAfee Free … http://www.databreachtoday.com/blogs/intel-sets-mcafee-free-p-2244? … becoming what Intel bills as one of the world’s biggest “pure-play cybersecurity companies.”…
November 8, 2015 The fatal flaw in IT Risk management Interviewing is a much better method than self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…
August 30, 2012 Marketing Is Dead – Harvard Business Review http://blogs.hbr.org/cs/2012/08/marketing_is_dead.html Of course you have to have a catchy title, but what this really says is … in today’s increasingly social media-infused environment, traditional…
August 9, 2012 How to build an asset inventory for 27001 How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What are assets…
May 17, 2012 How to get a job in security http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/ I often get hit on by wannabes who want to – as they put it – “break into security” and get a job…
January 17, 2012 How to decide on what DVD backup software to use You do do backups don’t you? Backups to DVD is easy, but what software to use? – How are you managing the backup archives?…
November 13, 2011 Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA … What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level? I’m asking about a…
August 6, 2011 The Decline of the Physical Desktop http://www.eweek.com/c/a/IT-Management/As-Foretold-by-Desktop-Managment-Tools-588370/ What’s interesting here is that this isn’t preaching “The Cloud” and only mentions VDI in one paragraph (2 in the one-line expanded version)….
March 1, 2011 Security and efficiency You gotta love the low-tech solution. It’s really never NOT about people, is it? 🙂 Darn tooting right! It’s always people. Any way you…
May 19, 2010 The Classical Risk Equation What we had drilled into us when I worked in Internal Audit and when I was preparing for the CISA exam was the following…
February 5, 2010 The checklist revolution works http://www.smartplanet.com/technology/blog/rethinking-healthcare/the-checklist-revolution-works/838/ I can see the reasoning behind why doctors would object to check-lists, but it makes me wonder why so many corporate IT departments,…
January 6, 2010 The Need to Understand Culture Some references for “The 11th Domain” I’m going to respond to this as broadly as possible. This is not a subject like “access control”…
November 6, 2009 Speil Chequers Yesterday, my friend and collegue, Rob Slade, noted that … Idly leafing through yet another IT executive rag (preparatory to recycling it), and noticed…
October 6, 2009 About creating Corporate IT Security Policies As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…
May 5, 2009 The U.S. has 18 percent of its machines controlled by botnets http://blogs.zdnet.com/BTL/?p=17459&tag=nl.e589 A short while ago I read an article that tried to present both sides of the issue of whether companies should shut down…
May 4, 2009 OWASP Top Ten is really the OWASP Top 6.5 http://secureme.blogspot.com/2005/10/owasp-top-ten-is-really-owasp-top-65.html This is somewhat dated, but so what? Most of the points raised still hold valid. It opens: CIO/CSO: “I just…
August 27, 2007 Ten (+1) reasons to treat network security like home security http://blogs.techrepublic.com.com/security/?p=274 It’s a good week at TechRepublic for security articles. In the light of a number of threads this last month in the various…