by Alex Fugairon | Jan 26, 2017 | InfoSec Risk Assessment
The “Goldilocks and the Three Bears” Approach I’m sure most people are familiar with the children’s tale of “Goldilocks and the Three Bears.” What does that have to do with security risk assessments? I’ve found that when it comes to assessing information...
by Chris Banta | Dec 22, 2016 | Business Continuity Management
In all my years as both an information security manager and a senior-level security advisor, one of the top questions that I have routinely been asked is: “How do I manage risk effectively?” The answer to this question comes down to risk tolerance. What is Risk? On...
by John Verry | Dec 8, 2016 | ISO 27001 Certification
Sitting through Stage 1 of an ISO 27001 certification audit for the first time can feel pretty daunting—even for a seasoned information security professional. Stage 1 is unusual in that focuses on the operation of the Information Security Management System (ISMS), not...
by John Verry | Nov 23, 2016 | Business Continuity Management, Disaster Recovery
I recently spoke at the NJ-GMIS Cyber Security Briefing at New Jersey’s Regional Operations and Intelligence Center (ROIC) on approaches to reducing risk in municipal governments via third-party assessment. The presentation ended up getting very interesting when we...
by Andrew Shumate | Aug 16, 2016 | InfoSec Risk Assessment
Risk assessment is a fascinating activity that is relevant to everyone, all the time, and involves both our individual, subjective interpretation and the pure objectivity of statistics. Money, power, security, survival, rationality, emotion—it all comes into play when...
