Tag Archives: Information security
Security and Audit – BFFLs? Maybe not, but…
November 21, 2008 – 6:00 am
…we may have lots of reasons to work together more closely. Maybe it is just the luck of the draw that at almost every employer for the last 15 years, I have been the one to manage our audit relationships, but I am certainly suspicious my good fortune is other than divinely inspired. …
Fitting the CIA Triad in a Business Context: The Concept of Agile Security
May 20, 2008 – 6:00 am
Last year, Harvard Business School Press published a very interesting book entitled IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter. Westerman is a Research Scientist at the Center for Information Systems Research at the MIT Sloan School of…
Our Polymorphic Fluid Field of Information Security
March 27, 2008 – 6:00 am
Several years ago, I witnessed the first meeting of a newly-minted Director of Information Security with his supervisor, the CIO of a major insurance firm. The CIO carefully drew a large circle on a whiteboard and proceeded to inscribe the word “SECURITY” in the center of the circle. Then, the…
Information Security: Orphan of the Org Chart?
March 14, 2008 – 6:00 am
In the 1990s, many Infosec professionals frequently played a game called “Where Do We Belong?” The game consisted of guessing where, on a corporate organization chart, the Information Security (or “Data Security,” as it was often called then) function ideally belonged. Some claimed that…