Simplifying Information Security Procedures

This post is a continuation of the previous post on simplifying information security policies. The infosec world is confused when it comes to defining what a process is. Countless hours have gone by as I have tried to ‘define’ a process for my clients. In fact, even among experts, there is a disconnect on the…

Information Security Policies – The power of simplicity

‘When was the last time you reviewed your information security policies and procedures?’ – I ask this question of many of my clients. The standard response that I get from the audit-weary CISOs is ‘annually’. The ‘annual review’ ritual of information security policies is akin to the blind following of superstitions. You just do things…

ISO 27005 – The differences Demystified

With my misadventure with Blogger done – I did not qualify to make easy money with Google Adsense 🙂 – I have moved the sole post from Blogger back to the trusted WordPress. Please ignore this if you have already read the previous post. ___________________________ This post continues from http://practicalinfosec.wordpress.com/2013/02/11/the-path-to-iso-27005/. If you have not read that post,…

The path to ISO 27005

Long, long ago, there was a standard called BS7799. It came at a time when the Internet was just starting to become ubiquitous. It spoke in esoteric terms of identifying risks to your information. The simple townsfolk who decided to follow BS 7799 did not understand what it meant. Each person started interpreting the ‘identification…

Simplifying key definitions in ISO 22301

Business Continuity Management, by nature, is a simple and logical process. It is not rocket science. Anyone who knows the business can write a business continuity plan with a little reading. The problem arises because those who know the business do not understand the terms and definitions used in a ‘formal’ BCP, and those…

Privacy policies and practical jokes

Ok, I am an information security and risk management consultant who advises companies on how to protect themselves and reduce risks, et al. This does not mean that I would read every disclaimer and error message that is constantly thrown at me. I am as susceptible as the next guy when it comes to clicking…

Difference between DR and BCP and other stories

Business Continuity Planning (BCP) and Disaster Recovery (DR) are used together so often that people often begin to forget that there is a difference between the two. The idea of this post is to try to define these terms from a practical point of view. As I like to mention in all my posts, this…