The InfoSec Blog

System Integrity: Context Is Everything

Tag: Policy

November 8, 2015

The fatal flaw in IT Risk management

Interviewing is a much better method than self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…

April 21, 2014

What Applicants Should Ask When Interviewing For An InfoSecurity Position

http://www.informationsecuritybuzz.com/applicants-ask-interviewing-information-security-role/ Well what would you ask? These seem to be the kind of questions that might be asked by someone with a strong technical…

May 30, 2013

Confusion over Physical Assets, Information Assets in ISO-27000

I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…

May 14, 2013

Does ISO 27001 compliance need a data leakage prevention policy?

On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…

June 29, 2012

Control objectives – Why they are important

http://blog.iso27001standard.com/2012/04/10/iso-27001-control-objectives-why-are-they-important/ Let us leave aside the poor blog layout, Dejan’s picture ‘above the fold’ taking up too much screen real estate. In actuality he’s…

March 23, 2012

Social Engineering and sufficiency of awareness training

Someone asked: If you have good information security awareness amongst the employees then it should not be a problem what kind of attempts are…

February 8, 2012

Upside and downside: How I hate Journalists

http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them from making use of ‘insider information’; they just have to declare it within 30 days. No, wait,…

August 24, 2011

The real reasons for documentation – and how much

The documentation required and/or needed by ISO-2700x is a perennial source of dispute in the various forums I subscribe to. Of course management has…

August 18, 2011

TV kills!

I keep telling everybody that TV is injurious to your (mental) health, but does anyone listen? Why should they? They didn’t when Gerry Mander…

February 24, 2011

Are *YOU* ready to give up yet?

Apparently (ISC)2 did this survey … which means they asked the likes of us …. http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html Faced with an attack surface that seems to…

July 14, 2010

IAM – Basics – Policy

If there’s one thing that upsets me when I see articles and postings to forums about policy, it’s the mention of a “Password Policy”. I…

March 26, 2010

A Security Policy needs to be abstract not specific

There’s much I don’t like about many of the published security policies and the ones I see in use at many…

January 25, 2010

About Social Networking policy

Policy development is one of my areas of practice, so when a colleague on a mailing list asked about how to phrase policy to…

October 6, 2009

About creating Corporate IT Security Policies

As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…

April 28, 2009

Swine Flu Issues – insufficient discrimination

The trouble with some people is that they make some deceptively reasonable comments that don’t stand up under critical analysis. With an ailing economy…

April 6, 2007

Make your policy generic, not specific

Some of us security types were discussing policy, login notices and the like. Someone commented on a badly written policy about the use of…
