November 8, 2015 The fatal flaw in IT Risk management Is interviewing is a much better method that self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…
August 9, 2012 How to build an asset inventory for 27001 How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What are assets…
March 31, 2012 Help on ISO-27000 SoA This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The SoA should outline the measures…
January 25, 2012 “Cybercrime” is still Crime and “Cyberfraud” is still Fraud http://www.techsecuritytoday.com/index.php/our-contributors/michael-vizard/entry/lifting-the-veil-on-cybercrime This says it all: At the end of the day, cybercriminal activity is not all that different from more traditional forms of organized…
November 13, 2011 Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA … What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level? I’m asking about a…
May 22, 2010 Risk Analysis Makes No Sense … does it? Image via Wikipedia Take a look at this article. http://www.zdnet.com/blog/security/security-engineering-broken-promises/6503 You’re back? What did you think of it? OK, now look again, scroll down…
December 1, 2008 Stolen laptop leads to drug bust So when I see a laptop valued at $9,000 I get to wonder. If this hadn’t been recovered and the owner tried to claim that amount on his insurance policy I wonder what the reaction of the insurance company would have been.