-
Recent Posts
Look at Categories
Archives
- March 2024
- November 2022
- October 2021
- August 2021
- June 2021
- August 2020
- December 2019
- November 2019
- October 2019
- December 2018
- September 2017
- October 2016
- March 2015
- February 2015
- January 2013
- September 2012
- August 2012
- March 2012
- October 2011
- June 2011
- May 2011
- February 2011
- December 2010
- November 2010
- September 2010
- August 2010
Search the Blog
InfoSec Governance
- Security Maturity vs Risk Based Security 24 March, 2024
- Mandatory versus Guidelines: A story of FUD 21 November, 2022
- A Little Tech – Reset Troubles with MFA 18 October, 2021
- The Fear Mongers 11 August, 2021
- Better Late than Never: My First Foray into Real Metrics 3 August, 2021
- Three Key Patterns for Information Security Programs 2 August, 2021
- The Fallacy of Permanence 16 June, 2021
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
Monthly Archives: December 2010
Data Facts vs. My Bias…how I am losing (and why its good)
I have to admit as I listen to the sages on collecting data (Alex Hutton, Mike Dahn, Josh Corman…) I am getting more and more conscious of my own biases about security (guilty as charged!). Ever since Alex’s post a … Continue reading
Posted in Information Security, InfoSec, IT Risk Management, PCI
3 Comments
Sustainable Security by Showing Tangible Benefits
I spent a large part of my involuntary layover in Atlanta last month thinking about PCI, Control Objectives and Maturity. Sometimes interruptions to our business lives like this are good, since stepping back and interrupting our non-stop business life for … Continue reading
They Just Don’t Get It
“They just don’t get security!” As InfoSec professionals we often curse our management, our users or our customers (or all three) because they have done something “stupid” which either creates or nearly creates a security incident. We howl, we complain, … Continue reading
Posted in Information Security, InfoSec
Leave a comment