Archive for the ‘Information Security’ Category
Great New Risk Management Document From The U.S. GAO
Tuesday, April 15th, 2008
There is a new document from the U.S. Government Accountability Office (GAO), “Strengthening the Use of Risk Management Principles in Homeland Security.”
It includes discussions of current risk management practices from non-government industries that are really quite interesting, not to mention some great risk management ideas and descriptions of risk management practices.
Check it out!
Privacy and Security Lost And Found
Monday, April 14th, 2008
Today I’ve been participating in a very interesting discussion on the Security Catalyst Community about a very interesting project that Scott Wright is doing with Honey Sticks at his site.
Part of the discussion led to the possibility that one of the Honey Sticks that Scott had planted in a hotel, and had been “activated,” may have been turned in to the hotel’s lost and found.
Policy VALUE versus Policy COST
Sunday, April 13th, 2008
I’ve been doing a lot of student grading for the Norwich MSIA program, along with a lot of communications with folks new to information security and privacy over the past several years. Policy cost versus policy value has been a frequently occurring topic throughout many of those conversations, and I just wanted to get it out of my mind and on the blog, perhaps to reference later…
One Word Makes A World Of Difference…To Auditors and To Practitioners
Monday, April 7th, 2008
I want to continue the discussion I started yesterday.
Is there a difference between “log management” and a “log management system”?
Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse
Tuesday, April 1st, 2008
Today I just finished writing the last of a three-paper series, “The Essentials Series: PCI Compliance,” in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:
This Is Business Continuity Awareness Week!
Sunday, March 30th, 2008
Business Continuity Awareness Week (BCAW) is March 31st – April 4th; at least it is in the UK and throughout Europe.
Business Continuity Awareness Week in Australia is the week from Monday, April 28th – Friday, May 2nd.
Employee Fined $13,096 for Drunken Hacking
Friday, March 28th, 2008
Dan Swanson sent me this news story (thanks, Dan!), which gave me a chuckle…
“Employee Fined $13,000 for Drunken Hacking”
A rather interesting part of his judgment:
Who Had The Brilliant Idea To Outsource U.S. Passports?
Thursday, March 27th, 2008
Okay, after the recent passport files snooping debacle I found today’s news story, “Outsourcing passports ‘profound liability’,” very ironic and concerning.
Not only for the reported huge waste of taxpayers’ dollars, but also for the security risks…
The Emperors’ New Clothes Lack Privacy
Friday, March 21st, 2008
Over the past few weeks I’ve talked to several privacy officers and information security officers about how things are going with their initiatives, funding, and so on. Many were from the financial industry, but otherwise they came from a wide range of businesses, from small to large. There has been a common theme during these discussions…