A Post-Compliant World? Part 3
The second piece of this series considered current difficulties of ongoing infosec assurance efforts. Now let’s now turn to how things could look in the near...
John G. Laskey
John Laskey is a US-based security consultant who previously worked in the British government, where he was responsible for securing systems and advising senior managers about major programs. In the US, John has taught the ISO 27001 standard and is now helping develop and market new InfoSec products and services. He is a member of ISSA (New England Chapter).
A Post-Compliant World? – Part 2
Do we still have infosec compliance? Is the concept of upholding data and computer security outmoded?
I showed in my previous piece how early attempts at compliance...
A Post-Compliant World? – Part 1
Over the next three articles, we will consider the past, present and future state of infosec compliance. Please note that these are personal views, not necessarily...
Security Awareness: Using Analogy, Allusion and Sayings
Infosec practitioners cannot operate in a bubble. Often, we are called upon to explain our craft, to the shop floor through to the C-suite. Infosec awareness...
When Convenience Trumps Security
Security is always a retrofit. Those true geniuses who invented new ways for us to do things better are not the same people who built in the security and safety...
What’s So Different with Audit?
Though aimed at InfoSec practitioners, I hope this piece will also be of interest to audit practitioners, whether InfoSec centered or not.
There are fundamental...
InfoSec Facts From InfoSec fiction: How Popular Entertainment Can Help Security Awareness
A big slice of popular entertainment relies upon fear, and fear of technology is well-represented. Familiar themes include whether or not machines can be trusted;...
Entry Level Risk Management: Creating a First Security Risks Register
Organizations of all sizes apply risk management to their operations. In larger ones, this will normally be through a formal Enterprise Risk Management (ERM)...
Lessons from Writing Multiple-Choice Test InfoSec Questions
Writing multiple-choice test questions for InfoSec certification exams is challenging. By multiple-choice, I mean those questions that ask students to identify...
Practical and Effective Security Incident Management
An organization's incident management procedures should be appropriate to its size. There are lots of materials about - and many opinions on - the right way...