November 13, 2011 Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA … What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level? I’m asking about a…
August 24, 2011 The real reasons for documentation – and how much The documentation required and/or needed by ISO-2700x is a perennial source of dispute in the various forums I subscribe to. Of course management has…
December 3, 2010 All Threats? All Vulnerabilities? All Assets? On one list I subscribe to I saw this outrageous statement: ISO 27001 requires that you take account of all the relevant threats (and vulnerabilities) to…
June 20, 2009 Audit Frequency In one of the forums I subscribe to the question came up “How often should one carry out an internal audit?” There were variations…
April 28, 2009 Swine Flu Issues – insufficient discrimination The trouble with some people is that they make some deceptively reasonable comments that don’t stand up under critical analysis. With an ailing economy…
January 26, 2009 Network Segmentation is Common Sense On one of the professional forums I subscribe to there was a request for “references” to justify the separation of development and production networks…