Most people in information security have heard of the Critical Security Controls these days. The idea of a community risk assessment project that helps all prioritize our information security efforts…
One of the projects that we have been thoroughly engaged on at AuditScripts.com has been to work with the Council on Cybersecurity on the Critical Security Controls project. If you…
In some of our training we’ve mentioned to people that we’ve published a number a whitepapers on the Critical Security Controls in conjunction with the SANS Institute and various other…
Metrics definitely seem to be a buzz word in information security circles these days. It seems that I can hardly give a presentation or meet with clients without the topic…
Recently a met with an organization who mentioned to us that they had identified executive engagement in information security (or lack thereof) the biggest risk to their organization. It’s not…
Part of any solid project / program management effort is a program charter that defines the program in order to ensure its success. Too many times projects begin without a…
In a previous blog post we cataloged a number of risk management methodologies that we’ve seen a number of organizations employ in an effort to manage the security of their…
