Tag Archives: Information security

Security and Audit – BFFLs? Maybe not, but…

November 21, 2008 – 6:00 am – …we may have lots of reasons to work together more closely. Maybe it is just the luck of the draw that at almost every employer for the last 15 years, I have been the one to manage our audit relationships, but I am certainly suspicious my good fortune is other than divinely inspired. …
By | Posted in Auditing | Also tagged , , , , , | Comments (2)

Fitting the CIA Triad in a Business Context: The Concept of Agile Security

May 20, 2008 – 6:00 am – Last year, Harvard Business School Press published a very interesting book entitled IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter. Westerman is a Research Scientist at the Center for Information Systems Research at the MIT Sloan School of…
By | Posted in Compliance and Laws, CSO/CISO Perspectives, InfoSec Economics | Also tagged , , , , | Comments (0)

Our Polymorphic Fluid Field of Information Security

March 27, 2008 – 6:00 am – Several years ago, I witnessed the first meeting of a newly-minted Director of Information Security with his supervisor, the CIO of a major insurance firm. The CIO carefully drew a large circle on a whiteboard and proceeded to inscribe the word “SECURITY” in the center of the circle. Then, the…
By | Posted in Information Security News | Also tagged , | Comments (2)

Information Security: Orphan of the Org Chart?

March 14, 2008 – 6:00 am – In the 1990s, many Infosec professionals frequently played a game called “Where Do We Belong?” The game consisted of guessing where, on a corporate organization chart, the Information Security (or “Data Security,” as it was often called then) function ideally belonged. Some claimed that…
By | Posted in Compliance and Laws, CSO/CISO Perspectives | Also tagged , , , | Comments (1)