‘Upside Risks’ and other stories…

<Rather Technical – for the jargon-wielding consultant – casual readers read at your own risk> Why do you take a risk? Because you want to be rewarded. If there is no reward, there is no point in taking a risk. You put money in the stock market because you want to multiply it. You…

The path to ISO 27005

Long, long ago, there was a standard called BS 7799. It came at a time when the Internet was just starting to become ubiquitous. It spoke in esoteric terms of identifying risks to your information. The simple townsfolk who decided to follow BS 7799 did not understand what it meant. Each person started interpreting the ‘identification…

Info-Sec Risk Management – Establishing Context

Talking about information security without mentioning risk management is like talking about literature without mentioning Shakespeare, or philosophy without mentioning Socrates. While every info-sec professional worth his salt can tell his threats from his vulnerabilities, the actual design of a risk management program in an organization is often neglected. Most organizations hire consultants to define a…