The InfoSec Blog

The InfoSec Blog

System Integrity: Context Is Everything

  • About The Author
  • Master Index
  • Presentations
  • System Integrity
Skip to content

Category: Risk

November 1, 2016

Online Ad Industry Threatened by Security Issues

http://www.databreachtoday.com/online-ad-industry-threatened-by-security-issues-a-9488 Most people use ad blockers because they’re irritated with some of the intrusive ways ads are presented. But there are also compelling security…

July 2, 2016

Nobody wants to pay for security, including security companies

https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…

March 22, 2016

Cyber risk in the business

https://normanmarks.wordpress.com/2015/06/05/cyber-risk-and-the-boardroom/ The take-away that is relevant : Cyber risk should not be managed separately from enterprise or business risk. Cyber may be only one…

May 1, 2015

Can We Secure the ‘Internet of Other People’s Things’?

http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well.

November 19, 2014

Should all applicable controls be mentioned in documenting an ISMS?

In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…

April 25, 2014

OpenBSD forks, prunes, fixes OpenSSL

http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/#ftag=RSS86a1aa4 Interesting, eh? At the very least, this will apply a ‘many eyes’ to some of the SSL code and so long as the…

January 25, 2014

Most CEOs clueless about cyberattacks

http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…

August 31, 2013

On ‘paranoia’ – revisiting “Paid to be paraoid”

My fellow CISSP and author Walter Jon  Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…

May 30, 2013

Confusion over Physical Assets, Information Assets – Part Two

So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…

May 30, 2013

Confusion over Physical Assets, Information Assets in ISO-27000

I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…

March 26, 2013

What is the goal behind calculating assets in ISO-27000?

My friend and colleague Gary Hinson said about asset valuation in ISO-27000 So, for instance, it’s hard to say exactly how much the HR…

February 17, 2013

Information Gathering and Risk Assessment

On the ISO2700 forum one user gave a long description of his information gathering process but expressed frustration over what to do with it…

January 11, 2013

Another Java bug: Disable the java setting in your browser

http://www.kb.cert.org/vuls/id/625617 Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a…

October 2, 2012

How much Risk Assessment is needed?

In many of the InfoSec forums I subscribe to people regularly as  the “How long is a piece of string” question: How extensive a…

August 8, 2012

Steve Wozniak: Cloud Computing Will Cause ‘Horrible Problems In The

http://www.businessinsider.com/steve-wozniak-cloud-computing-will-cause-horrible-problems-in-the-next-five-years-2012-8 Perhaps The Woz isn’t the influence he once was, and certainly not on Wall Street and the consumer market place. The unbounded RAH-RAH-RAH…

July 2, 2012

Tight budgets no excuse for SMBs’ poor security readiness

http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hands is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…

June 29, 2012

Control objectives – Why they are important

http://blog.iso27001standard.com/2012/04/10/iso-27001-control-objectives-why-are-they-important/ Let us leave aside the poor blog layout, Dejan’s picture ‘above the fold’ taking up to much screen real estate. In actuality he’s…

May 25, 2012

Why Info Sec Positions Go Unfilled

http://www.infosecleaders.com/2012/05/career-advice-tuesday-why-info-sec-position-go-unfilled/ There are many holes in this, but I think they miss some important points. First is setting IT HR to look for Infosec….

April 1, 2012

Managing Software

Last month, this question came up in a discussion forum I’m involved with: Another challenge to which i want to get an answer to…

March 31, 2012

Help on ISO-27000 SoA

This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The  SoA should outline the measures…

Posts navigation

1 2 … 6 Next

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

  • The Classical Risk Equation
  • Separation of Duties: Infosec, IT and Audit
  • “Cybercrime” is still Crime and “Cyberfraud” is still Fraud
  • Risk Analysis makes no sense … Does it?
  • Are *you* ready to give up yet?
  • Why InfoSec Positions go unfilled
  • Security
  • Risk
  • ISO27K
  • Rants and Raves

Categories

Archives

Calendar of Posts

February 2019
M T W T F S S
« Nov    
 123
45678910
11121314151617
18192021222324
25262728  

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

Security Links

  • Schneier on Security
  • Gary Hinson
  • Martin McKeay
  • The Security Team
  • DHS Daily Report
  • SANS Security Alerts
  • Bob Johnston
  • CERT-CC
  • MSDN- Security
  • Microsoft TechNet – Security
Copyright The InfoSec Blog. All rights reserved. | Theme by SuperbThemes