Tag Archives: Information security

Security and Audit – BFFLs? Maybe not, but…

– …we may have lots of reasons to work together more closely. Maybe it is just the luck of the draw that at almost every employer for the last 15 years, I have been the one to manage our audit relationships, but I am certainly suspicious my good fortune is other than divinely inspired. …

Fitting the CIA Triad in a Business Context: The Concept of Agile Security

– Last year, Harvard Business School Press published a very interesting book entitled IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter. Westerman is a Research Scientist at the Center for Information Systems Research at the MIT Sloan School of…

Our Polymorphic Fluid Field of Information Security

– Several years ago, I witnessed the first meeting of a newly-minted Director of Information Security with his supervisor, the CIO of a major insurance firm. The CIO carefully drew a large circle on a whiteboard and proceeded to inscribe the word “SECURITY” in the center of the circle. Then, the…

Information Security: Orphan of the Org Chart?

– In the 1990s, many Infosec professionals frequently played a game called “Where Do We Belong?” The game consisted of guessing where, on a corporate organization chart, the Information Security (or “Data Security,” as it was often called then) function ideally belonged. Some claimed that…