Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
- john doe on An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionls (pt. 1)
- Adam Shostack on PCI DSS Position on Patching May Be Unjustified
- Jens Laundrup on PCI DSS Position on Patching May Be Unjustified
- Kris on Medical Identity Theft: Your Money or Your Life
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Crossing the Metrics Rubicon: Quest for the Perfect Measurement
July 18, 2008 – 6:00 am
–
Security metrics represent a great untamed wilderness for organizations trying to determine both their risk profile and the effectiveness of the resources they have allocated to their security program. When I first became a security person after a career managing customer service, finance, and…
E-Discovery: Stick ‘em Up
July 17, 2008 – 6:00 am
–
This column is not strictly about information security, although IS has a role to play. Rather, it is covers a topic that should be of significant interest to the people normally concerned with IS – information technology, compliance, and especially the CFO and the CFO.
First, a disclaimer. The…
Could SPAM Sway the US Presidential Election?
July 10, 2008 – 6:00 am
–
Might the power of SPAM be able to change the course of US political elections? Could a SPAM disinformation campaign sway voters?
This scenario occurred to me after I received SPAM with the following headlines:
McCain suffers heart attack
Obama suffers setback in polls due to sex secrets
The…
Security Buzzword Bingo
July 9, 2008 – 6:00 am
–
I’ve had the opportunity to travel to various security conferences and product demonstrations over the years. Lately in order to continue paying attention to a lot of these presenters, I’ve had to play the game Buzzword Bingo. Everyone should remember the game Bingo, where all the players…
Provisioning: Security’s First Step to Measuring Organizational Impact
July 8, 2008 – 6:00 am
–
Security is often accused, occasionally with merit, of being an obstacle to an organization’s business. While the drumbeat of cyber threats has at least raised the technology risk consciousness of many business managers, security professionals still have the challenge of quantifying how big an…
