The InfoSec Blog

What is the goal behind calculating assets in ISO-27000?

Posted by Anton Aylward

My friend and colleague Gary Hinson said about asset valuation in ISO-27000:

So, for instance, it’s hard to say exactly how much the HR database
is worth, but it’s a fair bet that it is less valuable to the
organization than the Sales and Marketing database containing
commercial details on customers and prospects. Therefore, it
probably makes commercial sense to put more effort and resources into
securing the S&M database against disclosure incidents, than for the
HR database.

While Gary is 'classically' right, there's a hidden gotcha in all that.

It is *YOU* that are assigning value, it is the value to YOU.
As Donn Parker points out, this may be quite different from the value system of the attackers. You don't know their values, motivations, tools etc etc etc.

Marketing Is Dead – Harvard Business Review

Posted by Anton Aylward

http://blogs.hbr.org/cs/2012/08/marketing_is_dead.html

Of course you have to have a catchy title, but what this really says is:

... in today's increasingly social media-infused environment,
traditional marketing and sales not only doesn't work so well, it
doesn't make sense. Think about it: an organization hires people —
employees, agencies, consultants, partners — who don't come from the
buyer's world and whose interests aren't necessarily aligned with his,
and expects them to persuade the buyer to spend his hard-earned money on
something. Huh? When you try to extend traditional marketing logic into
the world of social media, it simply doesn't work.

Yes, but there are assumptions there.
Marketing WHAT to WHOM?

As opposed to just selling.

See also:

http://blog.penelopetrunk.com/2012/07/09/how-i-got-a-big-advance-from-a-big-publisher-and-self-published-anyway/#more-10038

Which makes the point that book publishers have come adrift as far as
marketing in the Internet world goes.


Arrogant? Who? Us?

Posted by Anton Aylward

http://blogs.csoonline.com/problem_3_for_security_professionals_not_enough_humble_pie?source=CSONLE_nlt_update_2010-01-12

Talk about difficult to read! I hate sites like this, only slightly more than ones that use a completely black background.


A large part of my "11th Domain" bleating is about communication - thinking in terms of the other person, their needs and views and how the 'message' you're sending will be received and interpreted.