31 May 2015
Three years after the start of this blog, I have decided to update this page. I have kept the original text below this update for anyone who is interested.
What started off as a blog for making information security practical quickly and naturally got divided into two categories of posts - one for information security professionals and the other that everyone could apply. You can click on the category that interests you on the right.
I realised that the most read posts were the ones where I had done a detailed analysis of certain things. For infosec professionals they were the series on ISO 22301 and ISO 27001:2013. Here are the links:
- ISO 22301 vs BS 25999 Part 1
- ISO 22301 vs BS 25999 Part 2
- ISO 22301 vs BS 25999 Part 3
- ISO 22301 vs BS 25999 Part 4
- Simplifying definitions in ISO 22301
For ISO 27001:2013
- ISO 27001:2013 - A quick overview
- ISO 27001:2013 - Differences -Part 1
- ISO 27001:2013 - Differences - Part 2
Another popular series for everyone was regarding practical wireless security
There are other articles about password managers which everyone can use and one or two articles about the infosec industry and BYOD that would probably interest the infosec professionals. There are a couple of humorous ones, maybe a few caustic ones - feel free to explore and evaluate.
30 May 2012
Information security (infosec) is considered an esoteric subject, reserved for the geeky hackers or excel totting, suit wearing, smooth talking ‘consultants’. It is suitably shrouded behind the smoke screen of intelligent sounding words and complex definitions that make the average users life miserable.
I believe that Information security is more common sense than anything else. Of course, there are a few technicalities that need to be known, but for most parts, it is common sense. Practical Infosec is a blog that tries to simplify information security concepts and reveal the ‘behind the scenes’ view of the cloaks and daggers world of information security.
The world of infosec, sadly, has been far removed from practicality and more towards the ‘controls at the cost of productivity’ and vice versa debates. Simple, practical decisions seem to be the exception rather than the norm. Again, practical infosec tries to change at least a part of that.
I hope to write a post at least once a week. Feel free to suggest topics for posts. View the FAQs page for more clarifications.