Category Archives: InfoSec Governance

Accuracy vs. Precision – My Risk Epiphany

Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how to perform …

Posted in Information Security Governance, InfoSec Governance, IT Risk Management, Security Governance

#SecBiz or The Better Answer to Martin’s Question

I had the good fortune of a long drive (12 hours to be exact) which allowed me time to catch up on four months of backlogged Martin McKeay’s Network Security Podcasts. My fortune improved when I listened to the June …

Posted in CISO, CSO, Information Security Governance, InfoSec Governance, IT Risk Management, Security Governance

Do you have SOCD? (Security Obsessive Compulsive Disorder)

Are you SOCD? You have it if: You feel the constant need to force drastic security measures. You say: “This company really needs to revise all the (SOX) controls. There’s absolutely no reason to have management involved in the process.” …

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Risk Management, Security Governance, Uncategorized

Sustainable Security by Showing Tangible Benefits

I spent a large part of my involuntary layover in Atlanta last month thinking about PCI, Control Objectives and Maturity. Sometimes interruptions to our business lives like this are good, since stepping back and interrupting our non-stop business life for …

Posted in Information Security, Information Security Governance, InfoSec, InfoSec Governance, Security Governance

The One-Hundred-Zero-Fifty Rule

I had an employee in a security department that I was running come to me and say “We have a problem, and we need to take care of it right away!” Now we were in the midst of several major …

Posted in CISO, CSO, Information Security Governance, InfoSec Governance, IT Risk Management, Security Governance

Revolution or Evolution

I recently had a meeting with a well-placed Security Officer. He made a comment that I thought really summed up the view that I hold as well regarding transformation of Information Security at a company… “When I started working …

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Risk Management, Security Governance

In the beginning…

…there was a goal of teaching people how to communicate, interact, and learn from each other. When I wound up in InfoSec and IT Risk Management, my goal evolved into communicating to InfoSec professionals – IT Security Managers, CSOs, Network …

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Governance, IT Risk Management, Security Governance, Uncategorized