November 8, 2015 The fatal flaw in IT Risk management Interviewing is a much better method than self-certifications and a checklist, if time and resources allow. Two points: In the ISO-27001 forum, my…
February 16, 2013 The #1 Reason Leadership Development Fails http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn’t have thought, based on the title, that I’d be blogging about this, but then again one can get fed up with…
October 2, 2012 An “11th Domain” book. http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a…
July 2, 2012 Tight budgets no excuse for SMBs’ poor security readiness http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hand is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…
March 23, 2012 Social Engineering and sufficiency of awareness training Someone asked: If you have a good information security awareness amongst the employees then it should not be a problem what kind of attempts are…
November 13, 2011 Which Risk Framework to Use: FAIR, FRAP, OCTAVE, SABSA … What framework would you use to provide for quantitative or qualitative risk analysis at both the micro and macro level? I’m asking about a…
February 24, 2011 Are *YOU* ready to give up yet? Apparently (ISC)2 did this survey … which means they asked the likes of us …. http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html Faced with an attack surface that seems to…
November 27, 2008 People under extreme stress may behave unpredictably and have limited capacity for rational thought “People under extreme stress may behave unpredictably and have limited capacity for rational thought”