The InfoSec Blog

The InfoSec Blog

System Integrity: Context Is Everything

  • About The Author
  • Master Index
  • Presentations
  • System Integrity

Category: Standards

November 19, 2014

Should all applicable controls be mentioned in documenting an ISMS?

In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…

November 15, 2014

This is not the IoT you want.

http://www.cnet.com/products/quirky-outlink/ If I plug in an IDE drive or a SATA drive or a USB drive or device my mobo or system recognizes what…

April 25, 2014

OpenBSD forks, prunes, fixes OpenSSL

http://www.zdnet.com/openbsd-forks-prunes-fixes-openssl-7000028613/#ftag=RSS86a1aa4 Interesting, eh? At the very least, this will apply a ‘many eyes’ to some of the SSL code and so long as the…

August 25, 2013

The Truth About Best Practices

An article on Linked entitled ‘The Truth about Practices” started a discussion thread with some of my colleagues. The most pertinent comment came from…

May 14, 2013

Does ISO 27001 compliance need a data leakage prevention policy?

On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…

October 2, 2012

How much Risk Assessment is needed?

In many of the InfoSec forums I subscribe to people regularly as  the “How long is a piece of string” question: How extensive a…

April 5, 2012

An OP-ED by Richard Clarke on China

http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html This is better written than most ‘chicken little’ pieces, but please can we have ‘history’ of how most nations, including the USA, have…

April 1, 2012

Managing Software

Last month, this question came up in a discussion forum I’m involved with: Another challenge to which i want to get an answer to…

March 31, 2012

Help on ISO-27000 SoA

This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The  SoA should outline the measures…

March 24, 2012

Surely compliance is binary?

Call me a dinosaur (that’s OK, since its the weekend and dressed down to work in the garden) but … Surely COMPLIANCE is a…

March 23, 2012

Social Engineering and sufficency of awareness training

Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are…

March 18, 2012

About ISO 27001 Risk Statement and Controls

On the ISO27000 Forum list, someone asked: I’m looking for Risk statement for each ISO 27k control; meaning “what is the risk of not…

March 6, 2012

Naval War College uses Russian software for iPad course material

http://www.nextgov.com/nextgov/ng_20120305_6368.php The Navy’s premier institution for developing senior strategic and operational leaders started issuing students Apple iPad tablet computers equipped with GoodReader software in…

January 17, 2012

How to decide on what DVD backup software to use

You do do backups don’t you?  Backups to DVD is easy, but what software to use? – How are you managing the backup archives?…

November 30, 2011

Doubts about “Defense in Depth”

 So to have great (subjective) protection your layered protection and controls have to be “bubbled” as opposed to linear (to slow down or impede…

November 30, 2011

On the HP Printer Hack

The hack to make the HP printers burn was interesting, but lets face it, a printer today is a  special purpose computer and a…

November 13, 2011

Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA …

What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level?  I’m asking about a…

August 24, 2011

The real reasons for documentation – and how much

he documentation required and/or needed by ISO-2700x is a perenial source of dispute in the various forums I subscribe to. Of course management has…

August 22, 2011

Your Asset is my Consumable

August 6, 2011

Schneier on Security: Hacking Cars Through Wireless Tire-Pressure

http://www.schneier.com/blog/archives/2010/08/hacking_cars_th.html A few alarming things here. More nanny State : In other words, the nanny state is forcing upon us expensive and insecure systems…

Posts navigation

1 2 3 Next

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

  • The Classical Risk Equation
  • Separation of Duties: Infosec, IT and Audit
  • “Cybercrime” is still Crime and “Cyberfraud” is still Fraud
  • Risk Analysis makes no sense … Does it?
  • Are *you* ready to give up yet?
  • Why InfoSec Positions go unfilled
  • Security
  • Risk
  • ISO27K
  • Rants and Raves

Categories

Archives

Calendar of Posts

January 2021
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Sep    

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Security Links

  • Schneier on Security
  • Gary Hinson
  • Martin McKeay
  • The Security Team
  • DHS Daily Report
  • SANS Security Alerts
  • Bruce Schneier
  • CERT-CC
  • MSDN- Security
  • Microsoft TechNet – Security
Copyright The InfoSec Blog. All rights reserved. | Powered by WordPress & Writers Blogily Theme