Alex Hutton

About

Hi. This is my personal weblog. I also write at:

http://www.newschoolsecurity.com
http://securityblog.verizonbusiness.com

Twitter

    Following

    http://jonrobinson.tumblr.com/
    Designed by Josh. Powered by Tumblr.

    » A Friday Afternoon Conversation About PCI DSS

    So I should be doing a million other things beside this, but….

    I was thinking while I was driving today about PCI (yeah, that might be an indicator that I think about Risk Management too much). …



    December 05, 2008, 5:32pm  Comments

    » What is a Wise Risk Decision Worth? or ISO 27001 KPIs Follow Up

    So yesterday I asked readers to comment on thoughts I had that came from a question asked on the ISO 27001 Google Group:

    “How I can communicate the value of an ISO implementation to non-security…



    December 03, 2008, 11:24am  Comments

    » KPIs for ISO 27001? Do Such Things Exist?

    On Gary Hinson’s excellent ISO 27001 Google Group, the following question was just posed:

    Dear Implementers:
    What could be the KPIs by which I, being Management Representative,
    can show…



    December 02, 2008, 9:23am  Comments

    » Stuff You Might Like

    Usually I beg off of doing posts that link to other posts (Liquidmatrix does a great job of this on a regular basis), but I was afraid that James & Dave’s usually excellent intern might miss some…



    November 20, 2008, 8:40am  Comments

    » Rational Risk Management, ‘Angry Italians’, and Irrational Security Analysts

    Hope you all had a great weekend.  I had meant to point you earlier to a FAIR analysis that Chris Hayes did over at his Blog.  But I’ve been a little busy, and before I could mention it, Stuart…



    November 17, 2008, 1:29pm  Comments

    » On Security & Risk Management Innovation

    Pre-Script - It should be noted that the outcome of this discussion - in the last paragraph - is one smart way you can approach the “We need to reduce your budget” discussion (if that discussion…



    November 12, 2008, 11:14am  Comments

    » Check It Out! FAIR Public Training December 10-12

    There’s been quite a few people talking about what sorts of strategies make sense for security and security departments in a downturn.  And they’re all very good - but there’s one thing that I’d…



    November 05, 2008, 11:10am  Comments

    » On Being Informative, or Seeing Through The Fog

    Carrying on from yesterday’s post a bit, I’m happy to admit that Chris’ poem is right: we don’t have nearly the information we need now when we’re supposed to have “control” over our assets, putting…



    October 29, 2008, 9:31am  Comments

    » Beat Poet - Chris “Doby Gillis” Hoff

    Crazy, Man.



    October 27, 2008, 3:30pm  Comments

    » CLOUD COMPUTING - STORMY WEATHER?

    Lots being written about the Cloud, most of it quite dark and gloomy.  In fact I’m surprised, that Hoff hasn’t got a preso spooled up called “The Toxic Cloud” or something…



    October 27, 2008, 12:29pm  Comments