‘Upside Risks’ and other stories…

<Rather Technical – for the jargon wielding consultant – casual readers read at your own risk> Why do you take a risk? Because you want to be rewarded. If there is no reward, there is no point in taking a risk. You put money in the stock market because you want to multiply it. You…

ISO 27005 – The differences Demystified

With my misadventure with Blogger done – I did not qualify to make easy money with Google Adsense 🙂 – I move the sole post from Blogger back to the trusted WordPress. Please ignore this if you have already read the previous post.

This post continues from http://practicalinfosec.wordpress.com/2013/02/11/the-path-to-iso-27005/. If you have not read that post,…

Info-Sec Risk Management – Establishing Context

Talking about information security without mentioning risk management is like talking about literature without mentioning Shakespeare or philosophy without mentioning Socrates. While every info-sec professional worth his salt will know his threats from vulnerabilities, the actual designing of a risk management program in an organization is often neglected. Most organizations hire consultants to define a…