The InfoSec Blog

System Integrity: Context Is Everything

Category: Standards

June 20, 2009

Audit Frequency

In one of the forums I subscribe to the question came up “How often should one carry out an internal audit?”  There were variations…

May 4, 2009

OWASP Top Ten is really the OWASP Top 6.5

http://secureme.blogspot.com/2005/10/owasp-top-ten-is-really-owasp-top-65.html This is somewhat dated, but so what? Most of the points raised still hold. It opens: CIO/CSO: “I just…

January 4, 2009

Is it the end of the road for LiveCDs?

http://www.freesoftwaremagazine.com/columns/it_end_road_live_cds No. I don’t think so! The price of recordable DVDs is now under $0.22 each. That’s roughly 60 times cheaper…

August 22, 2008

A sign of the times

It seems that many people in HR don’t realise that the interview is a two-way street. Not only are they trying to find out…

August 20, 2008

Why would anyone choose Linux when they already have Windows?

http://blogs.techrepublic.com.com/window-on-windows/?p=760&tag=nl.e101 I could go through a litany of complaints I have about Linux. I could complain about the confusing number of distributions. I could…

July 18, 2008

Business Logic Flaws

Toronto – OWASP. This month’s meeting was about layer 7 errors in web applications. Trey Ford was a fast-spoken Texan and gave some…

August 30, 2007

FMEA as a risk assessment methodology

To my mind FMEA is not only easier than TRA, but it focuses the mind on two key issues – survival and recovery (see MTTR) – that TRA doesn’t.

August 20, 2007

Spam, baseline and ROI calculation

We know that anti-spam (and for some, AV) is a necessary baseline. (I’ll avoid using the ‘diligence’ words for now.) But here is a…

April 6, 2007

Make your policy generic, not specific

Some of us security types were discussing policy, login notices and the like. Someone commented on a badly written policy about the use of…

March 15, 2007

Separation of Duties: InfoSec, IT and Audit

A colleague who had the opportunity to restructure the role of his InfoSec department asked for advice about defining the roles and duties and…

December 8, 2006

US-CCU Check List

US-CCU has just finished the final release version of their cyber-security check list. A bookmarked pdf copy of it is temporarily available for download…
