Several years ago we “formalized” our penetration testing approach into several distinct levels that correlated with the level of assurance the client was seeking and/or the risk associated with the particular network infrastructure under assessment. In that effort we also “formalized” the “less technical” aspects of the Reconnaissance phase of our testing and began referring to this portion of ...
I love George Bernard Shaw’s quotation “The single biggest problem with communication is the illusion that it has taken place.” As imitation is the most sincere form of flattery: the single biggest problem with Information Security is the illusion that it has taken place.
There are two main ways that Information Security can be illusory:
- Leveraging a “point-in-time” security (the PITS) model
- Improperly implementing a “continuous” security ...
I’m surprised this piece of legislation has not gotten more press.
In February, the Ministry of Communications and Information Technology (MCIT) released the draft notification proposed to be released in respect of Section 43A of ITA 2008.
Under Sec 43A the ITA (Information Technology Act) defines what “Sensitive Personal Information” is and the “Reasonable Security Practice” that a company should follow to protect it.
The current phrasing of ...
Comprehensive vs. Holistic: Not the same
A comprehensive approach to an information security assessment sounds like a good thing, correct? After all, comprehensive means “Complete; including all or nearly all elements or aspects of something”. Having uniquely focused on conducting information security assessments for the last ten years – I have often tried to effectively communicate the difference. A recent electrical utilities project we worked on perfectly illustrates ...

The good (& now rich!) folks at Clearwell published an interesting eDiscovery “trends” article last fall.
There were two interesting observations made:
- eDiscovery is rapidly maturing into a global issue. “As more countries adopt eDiscovery methodologies quicker than expected, they will be looking to the US for guidance and direction. With eDiscovery becoming more global, the legalities of data ...