BS 25999-2 Business Continuity Management
The BS 25999-2 Specification for business continuity management is out in draft form free to download and review. My apologies for sitting on this so long and not getting it out earlier because the...
BS 31100 Code of Practice for Risk Management
The BS 31100 Code of practice for risk management is also out in draft form free to download and review. This document has the same deadline as the BCM....
PHIN 2.0 Requirements
There are updated guides for anyone who does security compliance assessments of, or works with, the Public Health Information Network (PHIN). These were updated in June of 2007. There are many changes...
Working Toward ISO 17799/27001 Business Continuity Management Compliance
This document is written with the assumption that the organization follows ISO and has implemented many of the controls (including Disaster Recovery), but may be lacking in the area of business...
Authoritative List of Compliance Documents
For anyone looking to find or understand the main compliance documents across the following industries, regulations, and regions of the world, the link below has a good list. (Link Updated Sept. 2012)...
Do QSA’s Understand PCI?
I guess that title should say “Can anyone clarify PCI?” or “Can we get some PCI consistency please?”. I find myself in discussion day after day on topics around PCI. What is required for web app...
BITS Shared Assessments – Useful or Not
What do you think? Is this another useless assessment methodology, a great idea, or a platform for vendors to sell products? I recently went to the 2nd Annual BITS Shared Assessments in Chicago....
Crypto, Encryption, DLP, and Privacy Laws
I am doing a project that requires knowledge of international crypto laws. Here is a great resource that has captured information from several sources and put it on a Google map. http://mcaf.ee/cryptolaw...
Get Your Daily Security Feed
There has been a large amount of security information and recent attacks posted in the media. We have Mandiant’s report on China as well as several issues concerning Java. The pure volume of...
Building the Security Operations Center (SOC)
Whether defending against common malware or a determined nation state, being able to proactively detect attacks and changes in the organization is required. The past year I spent a large amount of...