June 21, 2011 In praise of OSSTMM In case you’re not aware, ISECOM (Institute for Security and Open Methodologies) has OSSTMM3 – The Open Source Security Testing Methodology Manual – http://www.isecom.org/osstmm/…
December 27, 2009 Throwing in the towel I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense,…
August 18, 2009 8 Dirty Secrets of the IT Security Industry – CSO.com Bill Brenner wrote an article that covers some security consulting in general and PCI DSS in particular. Do make note of points 1, 3, and…
July 2, 2009 Security Posture Assessment resources No, I don’t think this is a good start. It ignores such fundamentals as policy, change management, awareness, management reporting, risk assessment and risk…
March 5, 2009 Couldn’t happen to a nicer buncha guys … An independent security consultant describes how vulnerabilities in unpatched releases of the Zeus crimeware kit are being exploited by hackers in order to steal…
March 15, 2007 Separation of Duties: InfoSec, IT and Audit A colleague who had the opportunity to restructure the role of his InfoSec department asked for advice about defining the roles and duties and…