May 9, 2015 Tracking kids via microchip ‘can’t be far off,’ says expert http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she thought one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…
August 31, 2013 On ‘paranoia’ – revisiting “Paid to be paranoid” My fellow CISSP and author Walter Jon Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…
May 30, 2013 Confusion over Physical Assets, Information Assets in ISO-27000 I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…
March 31, 2012 Help on ISO-27000 SoA This kind of question keeps coming up; many people are unclear about the Statement of Applicability on ISO-27000. The SoA should outline the measures…
March 18, 2012 About ISO 27001 Risk Statement and Controls On the ISO27000 Forum list, someone asked: I’m looking for Risk statement for each ISO 27k control; meaning “what is the risk of not…
August 4, 2011 Mistaken Thinking – Risk not threats Via a LinkedIn posting in the Infosecurity magazine forum titled “Internet Threats Posed By Mobile Devices: How Can We Prevent Them?” I came to…
July 2, 2011 Risk Models that hide important information Some people seem to be making life difficult for themselves with risk models such as “Impact * Probability” and as such have led themselves…
January 31, 2011 IT AUDIT VS Risk Assessment – 2 We were discussing which should be done first and someone said: The first has to be risk assessment as it is foundation of information…
May 28, 2010 “Impact” is not a Metric I never like to see the term ‘impact’. It’s not a metric. I discuss how length, temperature, weight, are metrics whereas speed, acceleration, entropy…
October 6, 2009 About creating Corporate IT Security Policies As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…
August 3, 2009 Significant Impact Calculation in Business Risk My colleague Gary Hinson made the following observation on the ISO 27001 list in August: There are numerous assumptions and estimations in the risk…