The InfoSec Blog

System Integrity: Context Is Everything

Tag: controls

February 18, 2016

Purpose unclear. Why are the FBI *really* trying to subvert encryption?

Tim Cook says Apple will fight a federal order to help the FBI hack an iPhone. An earlier version of this page has…

May 31, 2015

Misnomer

I’ve written before how government agencies misuse terminology associated with information security but it seems to persist and continues to mislead. The latest is…

May 9, 2015

Tracking kids via microchip ‘can’t be far off,’ says expert

http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she thought one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…

May 1, 2015

Cyber general: US satellite networks hit by ‘millions’

http://www.forensicmag.com/news/2015/04/cyber-general-us-satellite-networks-hit-millions-hacks I wonder what they consider to be a hack? The wording in the article is loose enough to mean that if…

November 19, 2014

Should all applicable controls be mentioned in documenting an ISMS?

In my very first job we were told, repeatedly told, to document everything and keep our personal journals up to date. Not just with…

April 22, 2014

Film or digital?

Do you recall Alan Cooper‘s book “The Inmates are running the Asylum”? He makes the case that once you put a computer in something…

August 31, 2013

On ‘paranoia’ – revisiting “Paid to be paranoid”

My fellow CISSP and author Walter Jon Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…

August 25, 2013

The Truth About Best Practices

An article on LinkedIn entitled ‘The Truth about Practices’ started a discussion thread with some of my colleagues. The most pertinent comment came from…

May 30, 2013

Confusion over Physical Assets, Information Assets – Part Two

So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…

May 30, 2013

Confusion over Physical Assets, Information Assets in ISO-27000

I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…

May 14, 2013

Does ISO 27001 compliance need a data leakage prevention policy?

On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…

February 17, 2013

Information Gathering and Risk Assessment

On the ISO2700 forum one user gave a long description of his information gathering process but expressed frustration over what to do with it…

October 2, 2012

How much Risk Assessment is needed?

In many of the InfoSec forums I subscribe to, people regularly ask the “How long is a piece of string” question: How extensive a…

October 2, 2012

An “11th Domain” book.

http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herold makes elsewhere: Awareness training is important. I go slightly further and think that a…

July 2, 2012

Tight budgets no excuse for SMBs’ poor security readiness

http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the “left hand doesn’t know what the right hand is doing” department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…

March 31, 2012

Help on ISO-27000 SoA

This kind of question keeps coming up; many people are unclear about the Statement of Applicability in ISO-27000. The SoA should outline the measures…

March 23, 2012

Social Engineering and sufficiency of awareness training

Someone asked: If you have good information security awareness amongst the employees then it should not be a problem what kind of attempts are…

March 18, 2012

About ISO 27001 Risk Statement and Controls

On the ISO27000 Forum list, someone asked: I’m looking for a Risk statement for each ISO 27k control; meaning “what is the risk of not…

November 30, 2011

Doubts about “Defense in Depth”

So to have great (subjective) protection your layered protection and controls have to be “bubbled” as opposed to linear (to slow down or impede…

November 30, 2011

On the HP Printer Hack

The hack to make the HP printers burn was interesting, but let’s face it, a printer today is a special purpose computer and a…

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity
