Information risk and security for professional services

Notice Bored

When you acquire or provide professional services, how do you address the associated information risks? Professional services are information-centric: information is the work product, the purpose, the key deliverable. Guess whose interests they are most likely to protect!

Risk 72
The nine controls ISO/IEC 27002 missed

Notice Bored

Also, I'd like to see, somewhere in the ISO27k series, clearer advice on how to tackle the trade-off between control and utility: information that is too tightly secured loses its value, just as it does if inadequately secured. Do you agree? Comment below or email me!

Risk 66
The sadly neglected Risk Treatment Plan

Notice Bored

ISO/IEC 27003 offers a page of 'guidance on formulating an information security risk treatment plan (6.1.3 27003 even indicates/suggests a tabular format and content of the RTP: The word 'plan' in RTP clearly implies an intention to treat identified and evaluated information [security] risks at some future point.

Risk 63
The Hacker Mind Podcast: Hacking Real World Criminals Online

ForAllSecure

I’m Robert Vamosi and in this episode I’m talking about online criminal investigations conducted by someone who is inside the infosec community, and how your social media posts -- no matter how good you think you are about hiding -- can reveal a lot about your true identity. Daniel, he keeps a low profile. CLEMENS: I do.

Hacking 40