Policy Framework

A business needs a policy framework to state its values, expectations and requirements in a meaningful way. The policy framework depends on an organization’s structure to enforce ownership of these statements appropriately. Policy frameworks aid in understanding the enterprise by setting the ownership of policies and their associated and supporting documents, and by creating a structure where these statements can… Continue reading Policy Framework

SANS – Confusion in the Top How Many?

Enterprise Security or Secure Solution program? While discussing the SANS Top 20 Critical Controls a couple of weeks ago I ran into some confusion with an infosec partner about the number of controls we were talking about. He referred to the Top 25, but I know from my training and certification that there are 20… Continue reading SANS – Confusion in the Top How Many?

Professional Organizations – How to Connect & What They Offer

This podcast is for both seasoned information security professionals and those who desire a career in infosec, risk management or privacy. To that end, there are agencies that can be beneficial for those at the beginning of their careers or those who are interested in more peer and community engagement. There are various roles… Continue reading Professional Organizations – How to Connect & What They Offer

Identification Performed by Humans

Identification is a process whereby an identity claim is made and evaluated.

Organic Operations

Humans do this very naturally when we learn one another’s look, voice, walk and other mannerisms. The more intimately we know someone, the more difficult it is to forge or impersonate that identity in our presence. The complexity of identification is compounded… Continue reading Identification Performed by Humans