John G. Laskey

John Laskey is a US-based security consultant who previously worked in the British government, where he was responsible for securing systems and advising senior managers about major programs. In the US, John has taught the ISO 27001 standard and is now helping develop and market new InfoSec products and services. He is a member of ISSA (New England Chapter).

Articles from John G. Laskey

A Post-Compliant World? Part 3

December 27, 2018

The second piece of this series considered current difficulties of ongoing infosec assurance efforts. Now let’s now turn to how things could look in the near

Learn More

A Post-Compliant World? – Part 2

December 20, 2018

Introduction Do we still have infosec compliance? Is the concept of upholding data and computer security outmoded? I showed in my previous piece how early at

Learn More

A Post-Compliant World? – Part 1

December 19, 2018

Over the next three articles, we will consider the past, present and future state of infosec compliance. Please note that these are personal views, not neces

Learn More

Security Awareness: Using Analogy, Allusion and Sayings

February 13, 2017

Infosec practitioners cannot operate in a bubble. Often, we are called upon to explain our craft, to the shop floor through to the C-suite. Infosec awareness

Learn More

When Convenience Trumps Security

January 3, 2017

Security is always a retrofit. Those true geniuses who invented new ways for us to do things better are not the same people who built in the security and saf

Learn More

What’s So Different with Audit?

November 4, 2016

Though aimed at InfoSec practitioners, I hope this piece will also be of interest to audit practitioners, whether InfoSec centered or not. Audit, Assurance,

Learn More

Entry Level Risk Management: Creating a First Security Risks Register

July 15, 2016

Organizations of all sizes apply risk management to their operations. In larger ones, this will normally be through a formal Enterprise Risk Management (ERM)

Learn More

Lessons from Writing Multiple-Choice Test InfoSec Questions

April 15, 2016

Writing multiple-choice test questions for InfoSec certification exams is challenging. By multiple-choice, I mean those questions that ask students to identi

Learn More

Security in Projects: The Importance of Effective Social and Soft Skills

February 16, 2016

Security is just one part of a process for enabling information projects. However, it has become one of the most vital components to their success. This is w

Learn More

Why ITIL, COBIT and Other Non-Infosec Based Frameworks Are Infosec’s Best Friends

January 26, 2016

As a current or aspiring security professional, you will know of a range of information security frameworks and enablers. These might include standards, e.g.

Learn More

When Your CEO Won’t Take Security Awareness Training

November 25, 2015

CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take securit

Learn More

Security Awareness – Judge the Impact to Justify the Effort

November 10, 2015

[download]Download the BEST PRACTICES FOR DEVELOPING AN ENGAGING SECURITY AWARENESS PROGRAM whitepaper[/download] Learn the best practices for developing a s

Learn More