Archive for 'Thoughts'

Is “Information Security” still “Information Security”

I had the opportunity to do a lunch-and-learn with a group of high-level business people who were not directly involved in information technology/information security.  I was asked to “highlight the current state, key trends, and where information security is going”.  Sitting down with a cup of joe, my PowerPoint slides, and that much latitude was rather interesting, indeed.

I ended up thinking (a lot) about the fact that what the words “information security” meant when I moved into the field “full-time” ...

The Electricity Subsector Cybersecurity Capability Maturity Model – Is It Too Much of a Good Thing?

The Department of Energy (DOE) recently published The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), which allows electric utilities and grid operators to assess their cyber security capabilities and prioritize their actions and investments to improve cyber security.  The Maturity Model was developed as part of a White House initiative led by the DOE in partnership with the Department of Homeland Security (DHS).

On initial review there is a ...

ISO-27010 – Information Security Guidance for Information Exchange

Our Ethical Hacker Roundup last week included a blurb on stricter laws to protect patient health information (PHI) in Health Information Exchanges (HIEs).  That led me to download and read the new ISO-27010 Standard (Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications).

ISO-27010 was not at all what I expected it to be. I thought it would provide guidance ...

How OSCAR (not Mayer) Saved our Bacon

There are two axioms that represent different sides of the same coin that are relevant to this blog post: “The cobbler’s children always go barefoot … ” and “eating your own dog-food.”  The good news is that because we were eating our own dog-food (and hence not going barefoot) we may have literally avoided a notable monetary loss that could have left us figuratively barefoot and eating dog-food ...

What do Utilities and Oscar Wilde have in common?

Wilde is widely known for his masterpiece “The Importance of Being Earnest,” written in 1895 … but it’s something else he wrote that relates to utilities in 2012 …

Last week we blogged on a Carnegie Mellon study that cited utilities as being among the least-prepared sectors with respect to risk management and executive knowledge of IT issues.  Assuming that conclusion is accurate, it’s hard to argue that there is less Information Security Governance in the utility sector than there should ...
