Have you implemented a firewall? An IPS? An AV? An IAM solution? A DLP? A DRM? An APT solution? A gateway proxy? An MDM solution? An SIEM? Chances are that you have answered “Yes” to at least two questions. (If not, please leave the information security industry right away and do something else. Really. Anything… Continue reading The Product-Process chasm – and how to bridge it
Tag: Infosec
The Info-Sec Idiots Guide
“Can you get us a security certificate in a week’s time?” If you have been in the infosec consulting business long enough, you will, for sure, have come across this sentence. In this post, I want to vent my frustration and tell you the answers that I actually want to give – not…
The HeartBleed FAQ
The dust seems to be settling over the Heartbleed storm. Questions have been asked and answered. The experts and the newbies have voiced their opinions. This, I feel, is a good moment to answer those little questions that we have always been meaning to ask, but feared being thought of as stupid. Here is my attempt…
Terrorist Outfit Seeks ISO 27001:2013 certification
I generally write long and boring stuff about obscure standards and esoteric practices. Sometimes, I do get bored of this and want to write some fiction. I tried to be Sir Arthur Conan Doyle here. This post is my attempt at faking a news report! TORA BORA: An infamous terrorist outfit has decided to implement…
The truth about the information security industry
The information security industry is in the doldrums. If it is not, it probably should be. For the past decade, there has been no change in the basic way we operate. For an industry that is reasonably new and supposedly at the cutting edge of technology, it has not done anything different. Don’t get me wrong…
The case of the missing PDCA cycle
“My dear Watson!” exclaimed Holmes. “You are no doubt wondering about how they work in Japan.” I looked up in surprise. I was indeed pondering the work culture in Japan. “Have you started performing black magic, then, Holmes? There can be no other explanation for this,” I spake with wide eyes. “How can you…
Top 5 posts on PracticalInfoSec – 2013
Yet another year goes by in the infosec world. This is probably my first year of regular blogging. By regular, I mean at least one post a month (as opposed to the promised one post a fortnight!). Rather than think of anything new at this time of the year, I thought of going with the…
Life and Probability
God controls the averages, not the individual. I was impressed by this line when I read it in Scott Adams’ brilliant book, God’s Debris. I could almost imagine God looking at data and tweaking it (like a benevolent central banker) to control the averages. Too many people? Hmm…. Increase lifestyle diseases. Too…
Conversations with an Infosec Consultant…
You know you are a consultant when you are unable to describe what you do for a living to an acquaintance you meet. Most of my casual conversations go like this: Me: “So, what do you do?” Acquaintance (ACQ): “I work at a bank/ an IT services firm/ a manufacturing organisation.” ACQ: “And what do you…
The new ISO 27001
So, the new ISO 27001 is here. After 8 years, the entire ISMS approach has been revamped. The newer version of ISO 27001, a.k.a. ISO 27001:2013, is a much slimmer document. There is no introduction to the process approach and – surprise, surprise – no diagram of the Deming cycle. No beating around the bush for…