Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Bouch on Who’s In Charge Here? The Problem of Information Security Governance
- SecurityExec on Who’s In Charge Here? The Problem of Information Security Governance
- dustin on Patent No. 7,124,197: ARP Poisoning Hack!
- Rob on Agility and Risk Compensation: Exploring the Connection
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC compliance Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG law leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk Risk Analysis risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Category Archives: Compliance and Laws
Who’s In Charge Here? The Problem of Information Security Governance
July 28, 2008 – 6:00 am
–
A long-time friend of mine recently called with surprising, and sad, news. “I’ve been laid off due to poor profits,” he said. “I receive eight-month’s severance. But if, at the end of eight months, I tell my ex-employer that I’m retired, I’ll get…
An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionals (pt. 2)
July 2, 2008 – 6:00 am
–
A few weeks ago, I presented the results of an analysis of data breaches occurring in 2007, the last full year for which information is available; the “Chronology of Data Breaches” database, available at the Privacy Rights Clearinghouse website (privacyrights.org) provided source data…
PCI DSS Position on Patching May Be Unjustified
June 27, 2008 – 6:00 am
–
Verizon Business recently posted an excellent article on their blog about security patching. As someone who just read The New School of Information Security (an important book that all information security professionals should read), I thought it was refreshing to see someone take an…
An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionls (pt. 1)
June 23, 2008 – 6:00 am
–
Within the next few weeks—if not earlier—you should visit the “Chronology of Data Breaches” database available at the Privacy Rights Clearinghouse website (privacyrights.org). The database provides a listing of privacy-related security breaches that have been reported in the United…
Data Classification: Begin With Your Personally Identifiable Information
June 3, 2008 – 6:00 am
–
Let’s face it: Data classification—despite being an information security “best practice”— is an expensive, time-consuming, labor-intensive task. For those organizations supporting thousands (or even hundreds) of applications and databases, the job of identifying all data elements and…
