The InfoSec Blog

System Integrity: Context Is Everything

Tag: Risk

May 9, 2015

Tracking kids via microchip ‘can’t be far off,’ says expert

http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she thought one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…

August 31, 2013

On ‘paranoia’ – revisiting “Paid to be paranoid”

My fellow CISSP and author Walter Jon Williams observed that Paranoia is not a part of any mindset. It is an illness. Ah, Walter…

May 30, 2013

Confusion over Physical Assets, Information Assets in ISO-27000

I often explain that Information Security focuses on Information Assets. Some day, on the corporate balance sheet, there will be an entry which reads,…

March 31, 2012

Help on ISO-27000 SoA

This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The SoA should outline the measures…

March 18, 2012

About ISO 27001 Risk Statement and Controls

On the ISO27000 Forum list, someone asked: I’m looking for Risk statement for each ISO 27k control; meaning “what is the risk of not…

August 4, 2011

Mistaken Thinking – Risk not threats

Via a LinkedIn posting in the Infosecurity magazine forum titled “Internet Threats Posed By Mobile Devices: How Can We Prevent Them?” I came to…

July 2, 2011

Risk Models that hide important information

Some people seem to be making life difficult for themselves with risk models such as “Impact * Probability” and as such have led themselves…

January 31, 2011

IT AUDIT VS Risk Assessment – 2

We were discussing which should be done first and someone said: The first has to be risk assessment as it is foundation of information…

May 28, 2010

“Impact” is not a Metric

I never like to see the term ‘impact’. It’s not a metric. I discuss how length, temperature, weight, are metrics whereas speed, acceleration, entropy…

October 6, 2009

About creating Corporate IT Security Policies

As I’ve said before, you should not ask yourself what policies to write but what you need to control. If you begin with a…

August 3, 2009

Significant Impact Calculation in Business Risk

My colleague Gary Hinson made the following observation on the ISO 27001 list in August: There are numerous assumptions and estimations in the risk…
