Channel: InfoSecAlways.com » Policy and Compliance
Browsing all 10 articles

BS 25999-2 Business Continuity Management

The BS 25999-2 Specification for business continuity management is out in draft form free to download and review.  My apologies for sitting on this so long and not getting it out earlier because the...


BS 31100 Code of Practice for Risk Management

The BS 31100 Code of practice for risk management is also out in draft form free to download and review.  This document has the same deadline as the BCM....


PHIN 2.0 Requirements

There are updated guides for anyone who does security compliance assessments or works with the Public Health Information Network (PHIN).  These were updated in June of 2007.  There are many changes...


Working Toward ISO 17799/27001 Business Continuity Management Compliance

This document is written with the assumption that the organization follows ISO and has implemented many of the controls (including Disaster Recovery), but may be lacking in the area of business...


Authoritative List of Compliance Documents

For anyone looking to find or understand the main key compliance documents across the following industries, regulations, regions of the world, the link below has a good list. (Link Updated Sept. 2012)...


Do QSA’s Understand PCI?

I guess that title should say “Can anyone clarify PCI?” or “Can we get some PCI consistency please?” I find myself in discussion day after day on topics around PCI. What is required for web app...


BITS Shared Assessments – Useful or Not

What do you think? Is this another useless assessment methodology, great idea, or a platform for vendors to sell products? I recently went to the 2nd Annual BITS Shared Assessments in Chicago....


Crypto, Encryption, DLP, and Privacy Laws

Doing a project that requires knowledge of international crypto laws.  Here is a great resource that has captured information from several sources and put it on a Google map.  http://mcaf.ee/cryptolaw...


Get Your Daily Security Feed

There has been a large amount of security information and recent attacks posted in the media.  We have Mandiant’s report on China as well as several issues concerning Java.  The pure volume of...


Building the Security Operations Center (SOC)

Whether defending against common malware or some determined Nation State, being able to proactively detect attacks and changes in the organization is required.  The past year I spent a large amount of...
