Monthly Archives: December 2010

Data Facts vs. My Bias… how I am losing (and why it's good)

I have to admit as I listen to the sages on collecting data (Alex Hutton, Mike Dahn, Josh Corman…) I am getting more and more conscious of my own biases about security (guilty as charged!). Ever since Alex’s post a …


Sustainable Security by Showing Tangible Benefits

I spent a large part of my involuntary layover in Atlanta last month thinking about PCI, Control Objectives and Maturity. Sometimes interruptions to our business lives like this are good, since stepping back and interrupting our non-stop business life for …


They Just Don’t Get It

“They just don’t get security!” As InfoSec professionals we often curse our management, our users or our customers (or all three) because they have done something “stupid” which either creates or nearly creates a security incident. We howl, we complain, …
