Channel: The InfoSec Blog » awareness

The FBI risk equation

It seems that to make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation: risk = threat x vulnerability x consequence rather than solely...

Risk Analysis Makes No Sense … does it?

Take a look at this article. http://www.zdnet.com/blog/security/security-engineering-broken-promises/6503 You're back? What did you think of it? OK, now look again, scroll down the...

Social Engineering and sufficiency of awareness training

Someone asked: If you have good information security awareness amongst the employees then it should not be a problem what kind of attempts are made by the social engineers and to glean information from...

Tight budgets no excuse for SMBs’ poor security readiness

http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the "left hand doesn't know what the right hand is doing" department: Ngair Teow Hin, CEO of SecureAge,...

An “11th Domain” book.

http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herold makes elsewhere: Awareness training is important. I go slightly...

The #1 Reason Leadership Development Fails

http://www.forbes.com/sites/mikemyatt/2012/12/19/the-1-reason-leadership-development-fails/ I wouldn't have thought, based on the title, that I'd be blogging about this, but then again one can get fed...

Does ISO 27001 compliance need a data leakage prevention policy?

On one of the ISO-27000 lists I subscribe to I commented that one should have a policy to determine the need for and the criteria for choosing a Data Loss Prevention mechanism. I get criticised...
