December 2008
6 posts
Moving Towards A Mature Security Organization... →
Over the past couple of years of blogging, I’ve found that about once or twice a month I’ll write a really long blog post on a subject, only to scrap it before publication. It might be because my…
Dec 22nd
Fun From FAIR Training →
Sorry for the slow week. We had two sets of training that went (we thought) really, really well. One of the things we do is ask learners to bring in scenarios that they want to run through FAIR….
Dec 12th
Penetration Testing Not Dead, Probably Just Pining... →
Bill Brenner has an article in CSO magazine in which Fortify Co-Founder and Chief Scientist Brian Chess says: “2009 will mark the end of pen tests as we know them.” …
Dec 8th
A Friday Afternoon Conversation About PCI DSS →
So I should be doing a million other things besides this, but… I was thinking while I was driving today about PCI (yeah, that might be an indicator that I think about Risk Management too much). …
Dec 5th
What is a Wise Risk Decision Worth? or ISO 27001... →
So yesterday I asked readers to comment on thoughts I had that came from a question asked on the ISO 27001 Google Group: “How can I communicate the value of an ISO implementation to non-security…
Dec 3rd
KPIs for ISO 27001? Do Such Things Exist? →
On Gary Hinson’s excellent ISO 27001 Google Group, the following question was just posed: Dear Implementers: What could be the KPIs by which I, being Management Representative, can show…
Dec 2nd