June 26, 2016 Brexit: What’s Next for Privacy, Policing, Surveillance? http://www.databreachtoday.com/brexit-whats-next-for-privacy-policing-surveillance-a-9225 Now we’re getting over the “how could that do THAT!” shock stage and starting to think what the operational, rather than just the…
May 30, 2013 Confusion over Physical Assets, Information Assets – Part Two So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…
February 16, 2013 The #1 Reason Leadership Development Fails http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn’t have thought, based on the title, that I’d be blogging about this, but then again one can get fed up with…
August 30, 2012 Marketing Is Dead – Harvard Business Review http://blogs.hbr.org/cs/2012/08/marketing_is_dead.html Of course you have to have a catchy title, but what this really says is … in today’s increasingly social media-infused environment, traditional…
August 9, 2012 How to build an asset inventory for 27001 How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What are assets…
May 25, 2012 Why Info Sec Positions Go Unfilled http://www.infosecleaders.com/2012/05/career-advice-tuesday-why-info-sec-position-go-unfilled/ There are many holes in this, but I think they miss some important points. First is setting IT HR to look for Infosec….
August 7, 2011 Using ALE … inappropriately Like many forms of presenting facts, not least of all about risk, reducing complex and multifaceted information to a single figure does a disservice…
July 1, 2011 Compliance? What Compliance? Sometimes I wonder why we bother … The Securities and Exchange Commission doesn’t just enforce the rules that govern Wall Street. When asked, it…
January 6, 2011 What drives the RA? Need or Fashion? A colleague in InfoSec made the following observation: My point – RA is a nice to have, but it is superfluous. It looks nice…
May 19, 2010 The Classical Risk Equation What we had drilled into us when I worked in Internal Audit and when I was preparing for the CISA exam was the following…
February 28, 2010 The FBI risk equation It seems that to make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation: risk = threat x vulnerability x…
December 27, 2009 Throwing in the towel I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense,…
October 6, 2009 About creating Corporate IT Security Policies As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…
September 16, 2009 The Glass Half Full Optimist: The glass is half full Pessimist: The glass is half empty Cost Accountant: The vessel is too…
July 24, 2009 One In Two Security Pros Unhappy In Their Jobs http://www.darkreading.com/security/management/showArticle.jhtml?articleID=218600434 Well? Are you? You’d think most professionals in a hot industry like IT security would feel content and challenged technically and creatively in…
July 23, 2009 The Need for Social Engineering in InfoSec When I took my undergraduate Engineering degree the attitude of my professors was that if we had chosen engineering as our…
April 28, 2009 Swine Flu Issues – insufficient discrimination The trouble with some people is that they make some deceptively reasonable comments that don’t stand up under critical analysis. With an ailing economy…
February 5, 2009 Benchmarked: Ubuntu vs Vista vs Windows 7 http://www.tuxradar.com/content/benchmarked-ubuntu-vs-vista-vs-windows-7 Interestingly, even if not that relevant. And, of course, there’s the most important proviso of all: it is very, very…
November 27, 2008 People under extreme stress may behave unpredictably and have limited capacity for rational thought “People under extreme stress may behave unpredictably and have limited capacity for rational thought”
November 11, 2008 Going Rogue In this article at TechRepublic, Tom Olzak tries to address the issue of insider threat by talking about why your employees might ‘go rogue’. …