May 14, 2013 Does ISO 27001 compliance need a data leakage prevention policy? On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…
February 16, 2013 The #1 Reason Leadership Development Fails http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn’t have though, based on the title, that I’d be blogging about this, but then again one can get fed up with…
October 2, 2012 An “11th Domain” book. http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a…
July 2, 2012 Tight budgets no excuse for SMBs’ poor security readiness http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hands is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…
March 23, 2012 Social Engineering and sufficency of awareness training Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are…
May 22, 2010 Risk Analysis Makes No Sense … does it? Image via Wikipedia Take a look at this article. http://www.zdnet.com/blog/security/security-engineering-broken-promises/6503 You’re back? What did you think of it? OK, now look again, scroll down…
February 28, 2010 The FBI risk equation It seems that to make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation: risk = threat x vulnerability x…