Posts tagged with: InfoSec

Fighting the wrong Information Security fire

One of the key reasons why Information Security is often poorly aligned with the business is the ‘siege’ mentality trap that Information Security practitioners have a propensity to fall into....

Defusing the Security Bomb – Part 2

In Part 1, I took a business perspective on the challenges involved in trying to achieve a balanced security approach and the pitfalls of poor alignment between IT and the...

Defusing the Security Bomb – Part 1

I often come across Business Managers who are nervous about their Information Security exposures, yet completely reliant on their IT or Security departments to ‘fix the problem’. With any IT...

Are standards worth the paper they are printed on? – Part 2

In Part 1 of this blog, I argued that relying solely on Standards as your blueprint for information security will leave you exposed, as they only offer generalised considerations, are...

Are Standards worth the paper they are printed on – Part 1

There are several Information Security Standards in the marketplace that are designed to assist information technology security (ITS) practitioners in protecting their organisation’s information and systems. I argue, and have...

Where do I start?

Last year I stumbled upon a concerning reality for many IS professionals. For many of the people I spoke to, the responsibility for Information Security had been unceremoniously dumped on...

The Goldilocks Result

We all know security is important, but simply throwing money at your information security (IS) investment is a costly and unreliable method of reducing your exposure to risk. So how...

Just Fix It: The Dilemma of an Information Security Professional

Businesses are becoming increasingly aware of the importance of Information Security. However, when a security problem does arise, the Information Technology and Security (ITS) team are often instructed to “just...

Are you a victim of the Great Security Con?

At last month’s AISA National Conference I was surprised to engage with so many delegates who recognised right-sizing their Information Security investment was a problem for their organisation. What took...