The InfoSec Blog

System Integrity: Context Is Everything

Tag: Risk assessment

May 30, 2013

Confusion over Physical Assets, Information Assets – Part Two

So I need to compile a list of ALL assets, information or otherwise, NO! That leads to tables and chairs and powerbars. OK so…

March 15, 2013

“Paid to be paranoid”

Read the first four paragraphs of this: http://hollylisle.com/shoes-and-handbags/ Forget the rest, forget that it's about ‘creative writing’, just answer that question. Bruce Schneier among…

February 17, 2013

Information Gathering and Risk Assessment

On the ISO2700 forum one user gave a long description of his information gathering process but expressed frustration over what to do with it…

October 2, 2012

How much Risk Assessment is needed?

In many of the InfoSec forums I subscribe to, people regularly ask the “How long is a piece of string” question: How extensive a…

March 31, 2012

Help on ISO-27000 SoA

This kind of question keeps coming up; many people are unclear about the Statement of Applicability in ISO-27000. The SoA should outline the measures…

November 13, 2011

Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA …

What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level? I’m asking about a…

July 8, 2011

He’s not Ian Paisley

I was at a presentation yesterday. One of the vendor’s speakers, I’m sorry to say, was a CISSP. OK, he wasn’t Ian Paisley or…

January 31, 2011

IT AUDIT VS Risk Assessment – 2

We were discussing which should be done first and someone said: The first has to be risk assessment as it is the foundation of information…

December 3, 2010

All Threats? All Vulnerabilities? All Assets?

On one list I subscribe to I saw this outrageous statement: ISO 27001 requires that you take account of all the relevant threats (and vulnerabilities) to…

August 3, 2009

Significant Impact Calculation in Business Risk

My colleague Gary Hinson made the following observation on the ISO 27001 list in August: There are numerous assumptions and estimations in the risk…
