Tag Archives: Policies and Procedures
Again, Security as a Differentiator
January 21, 2008 – 6:00 am
SC Magazine’s January 2008 cover story illustrates security as a differentiator. In the past, I moved from a hard line to more neutral territory based on some marketing material from Visa.
Here are some memorable quotes from SC Magazine:
Businesses can use security to increase…
Data Tracing: Proposal for a Privacy and Data Security Law
January 9, 2008 – 6:00 am
My recent Equifax issue (here, here) led me to wonder about my personal data.
Consumers should be able to find out the following:
1. What a given company is doing with one’s personal information (processing / data mining)
2. Which third parties are privy and have access to their…
You’d think it was a trend…
November 6, 2007 – 6:00 am
A few weeks ago I found a badge on the streets of NYC (see here and here). The other day I found another badge that someone had lost. The finder, instead of tracking the owner down, hung the security badge on the intersection emergency call box. Below is a picture from my cell phone, which…
A Way to Think About the Difference between Compliance and Risk Assessment
October 24, 2007 – 6:00 am
I heard this example today and thought it was very succinct.
Compliance is binary: either one is compliant or one is not.
Risk is graded: there are different degrees of exposure.
Here is the illustration:
On a desk sits a piece of paper exposing a single person’s non-public…