The InfoSec Blog

The InfoSec Blog

System Integrity: Context Is Everything

  • About The Author
  • Master Index
  • Presentations
  • System Integrity

Tag: compliance

April 21, 2014

What Applicants Should Ask When Interviewing For An InfoSecurity Position

http://www.informationsecuritybuzz.com/applicants-ask-interviewing-information-security-role/ Well what would you ask? These seem to be the kind of questions that might be asked by someone with a strong technical…

May 30, 2013

Confusion over Physical Assets, Information Assets in ISO-27000

I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…

May 14, 2013

Does ISO 27001 compliance need a data leakage prevention policy?

On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…

March 24, 2012

Surely compliance is binary?

Call me a dinosaur (that’s OK, since its the weekend and dressed down to work in the garden) but … Surely COMPLIANCE is a…

August 24, 2011

The real reasons for documentation – and how much

he documentation required and/or needed by ISO-2700x is a perenial source of dispute in the various forums I subscribe to. Of course management has…

July 1, 2011

Compliance? What Compliance?

Sometimes I wonder why we bother … The Securities and Exchange Commission doesn’t just enforce the rules that govern Wall Street. When asked, it…

March 15, 2007

Separation of Duties: InfoSec, IT and Audit

A colleague who had the opportunity to restructure the role of his InfoSec department asked for advice about defining the roles and duties and…

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

  • The Classical Risk Equation
  • Separation of Duties: Infosec, IT and Audit
  • “Cybercrime” is still Crime and “Cyberfraud” is still Fraud
  • Risk Analysis makes no sense … Does it?
  • Are *you* ready to give up yet?
  • Why InfoSec Positions go unfilled
  • Security
  • Risk
  • ISO27K
  • Rants and Raves

Categories

Archives

Calendar of Posts

July 2022
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Sep    

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Security Links

  • Schneier on Security
  • Gary Hinson
  • Martin McKeay
  • The Security Team
  • DHS Daily Report
  • SANS Security Alerts
  • Brian Krebs
  • Stupid Security
  • Kill-HUP.com
  • Bruce Schneier
Copyright The InfoSec Blog. All rights reserved. | Powered by WordPress & Writers Blogily Theme