May 30, 2013 Confusion over Physical Assets, Information Assets in ISO-27000 I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…
May 14, 2013 Does ISO 27001 compliance need a data leakage prevention policy? On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the…
August 9, 2012 How to build an asset inventory for 27001 How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What are assets…
January 6, 2011 What drives the RA? Need or Fashion? A colleague in InfoSec made the following observation: My point – RA is a nice to have, but it is superfluous. It looks nice…