A Post-Compliant World? Part 3
The second piece of this series considered current difficulties of ongoing infosec assurance efforts. Now let’s now turn to how things could look in the near...
John G. Laskey
John Laskey is a US-based security consultant who previously worked in the British government, where he was responsible for securing systems and advising senior managers about major programs. In the US, John has taught the ISO 27001 standard and is now helping develop and market new InfoSec products and services. He is a member of ISSA (New England Chapter).
A Post-Compliant World? – Part 2
Do we still have infosec compliance? Is the concept of upholding data and computer security outmoded?
I showed in my previous piece how early attempts at compliance...
A Post-Compliant World? – Part 1
Over the next three articles, we will consider the past, present and future state of infosec compliance. Please note that these are personal views, not necessarily...
Security Awareness: Using Analogy, Allusion and Sayings
Infosec practitioners cannot operate in a bubble. Often, we are called upon to explain our craft, to the shop floor through to the C-suite. Infosec awareness...
When Convenience Trumps Security
Security is always a retrofit. Those true geniuses who invented new ways for us to do things better are not the same people who built in the security and safety...
What’s So Different with Audit?
Though aimed at InfoSec practitioners, I hope this piece will also be of interest to audit practitioners, whether InfoSec centered or not.
There are fundamental...
Entry Level Risk Management: Creating a First Security Risks Register
Organizations of all sizes apply risk management to their operations. In larger ones, this will normally be through a formal Enterprise Risk Management (ERM)...
Lessons from Writing Multiple-Choice Test InfoSec Questions
Writing multiple-choice test questions for InfoSec certification exams is challenging. By multiple-choice, I mean those questions that ask students to identify...
Security in Projects: The Importance of Effective Social and Soft Skills
Security is just one part of a process for enabling information projects. However, it has become one of the most vital components to their success. This is...
Why ITIL, COBIT and Other Non-Infosec Based Frameworks Are Infosec’s Best Friends
As a current or aspiring security professional, you will know of a range of information security frameworks and enablers. These might include standards, e.g....