The InfoSec Blog

System Integrity: Context Is Everything

Category: Standards

August 6, 2011

The Decline of the Physical Desktop

http://www.eweek.com/c/a/IT-Management/As-Foretold-by-Desktop-Managment-Tools-588370/ What’s interesting here is that this isn’t preaching “The Cloud” and only mentions VDI in one paragraph (2 in the one-line expanded version)….

June 21, 2011

In praise of OSSTMM

In case you’re not aware, ISECOM (Institute for Security and Open Methodologies) has OSSTMM3 – The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/…

February 24, 2011

Are *YOU* ready to give up yet?

Apparently (ISC)2 did this survey … which means they asked the likes of us …. http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html Faced with an attack surface that seems to…

December 3, 2010

All Threats? All Vulnerabilities? All Assets?

On one list I subscribe to I saw this outrageous statement: ISO 27001 requires that you take account of all the relevant threats (and vulnerabilities) to…

November 11, 2010

BCP or BIA

A business might choose not to have a BCP, but it might be interested in doing a BIA. After all,…

October 1, 2010

On the abuse of the term “Architecture” in IT

A friend and colleague who is also a security guru and much better qualified than me and who admits that he is not a…

September 23, 2010

Third-party code putting companies at risk

http://www.infoworld.com/d/developer-world/third-party-code-putting-companies-risk-302 This opens: The use of third-party code in applications represents a big security risk for companies, according to a study…

August 20, 2010

Open source and commercial support

In a discussion of Open Source vs Closed Source/Commercial … Voice 1: Maybe because they’re not customers? (in the paying for a service sense)…

July 14, 2010

IAM – Basics – Policy

If there’s one thing that upsets me when I see articles and postings to forums about policy, it’s the mention of a “Password Policy”. I…

July 3, 2010

Gartner: Hosted Virtual Desktops Are the Catalyst Behind Changing

June 29, 2010

You don’t need a Firewall Security Policy

A member of a discussion list I subscribe to asked for a Firewall Policy template. As usual, I was alarmed enough by this to want…

June 4, 2010

Google Phasing out Windows

http://www.h-online.com/security/news/item/Report-Google-phasing-out-internal-use-of-Microsoft-Windows-1012679.html “According to a report in the Financial Times, Google are phasing out the use of Microsoft‘s Windows within the company because of security…

May 19, 2010

The Classical Risk Equation

What we had drilled into us when I worked in Internal Audit and when I was preparing for the CISA exam was the following…

March 26, 2010

A Security Policy needs to be abstract not specific

There’s much I don’t like about many of the published security policies and the ones I see in use at many…

February 28, 2010

The FBI risk equation

It seems that to make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation: risk = threat x vulnerability x…

February 5, 2010

The checklist revolution works

http://www.smartplanet.com/technology/blog/rethinking-healthcare/the-checklist-revolution-works/838/ I can see the reasoning behind why doctors would object to check-lists, but it makes me wonder why so many corporate IT departments,…

January 25, 2010

About Social Networking policy

Policy development is one of my areas of practice, so when a colleague on a mailing list asked about how to phrase policy to…

November 13, 2009

The Cost of patching

I saw this assertion go by and it stood out: The bigger cost would be the cost of not patching. Such items as downtime…

October 6, 2009

About creating Corporate IT Security Policies

As I’ve said before, you should not ask yourself what policies to write but what you need to control.  If you begin with a…

September 16, 2009

The Glass Half Full

Optimist: The glass is half full. Pessimist: The glass is half empty. Cost Accountant: The vessel is too…
