The InfoSec Blog

The InfoSec Blog

System Integrity: Context Is Everything

  • About The Author
  • Master Index
  • Presentations
  • System Integrity

Tag: Donn Parker

March 18, 2012

About ISO 27001 Risk Statement and Controls

On the ISO27000 Forum list, someone asked: I’m looking for Risk statement for each ISO 27k control; meaning “what is the risk of not…

November 30, 2011

On the HP Printer Hack

The hack to make the HP printers burn was interesting, but lets face it, a printer today is a  special purpose computer and a…

April 18, 2011

Requirements for conducting VA & PT – Take 2

Soe people ae under the mistaken impression that a Pen Test simulates a hacker’s action.  We get ridiculous statements in RFPs such as: The…

January 31, 2011

IT AUDIT VS Risk Assessment – 2

We were discussing which should be done first and someone said: The first has to be risk assessment as it is foundation of information…

January 6, 2011

What drives the RA? Need or Fashion?

A colleague in InfoSec made the following observation: My point – RA is a nice to have, but it is superfluous. It looks nice…

December 3, 2010

All Threats? All Vulnerabilities? All Assets?

One list I subscribe I saw this outrageous statement: ISO 27001 requires that you take account of all the relevant threats (and vulnerabilities) to…

September 16, 2010

Admin username/password clouds

That’s a very interesting and pertinent presentation by a guy named Grubb from RedHat: http://www.redhat.com/promo/summit/2008/downloads/pdf/hardening-rhel5.pdf A few items caught my eye: Slide 7 points…

December 27, 2009

Throwing in the towel

I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense,…

November 18, 2006

Encyclopedia of IT terms

CMP ChannelWeb have an on-line encyclopaedia of IT terms. This is a useful addition to my toolbar for composition, along with a more conventional…

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

  • The Classical Risk Equation
  • Separation of Duties: Infosec, IT and Audit
  • “Cybercrime” is still Crime and “Cyberfraud” is still Fraud
  • Risk Analysis makes no sense … Does it?
  • Are *you* ready to give up yet?
  • Why InfoSec Positions go unfilled
  • Security
  • Risk
  • ISO27K
  • Rants and Raves

Categories

Archives

Calendar of Posts

July 2022
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Sep    

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Security Links

  • Schneier on Security
  • Gary Hinson
  • Martin McKeay
  • The Security Team
  • DHS Daily Report
  • SANS Security Alerts
  • Brian Krebs
  • Stupid Security
  • Kill-HUP.com
  • Bruce Schneier
Copyright The InfoSec Blog. All rights reserved. | Powered by WordPress & Writers Blogily Theme