Humans are STILL a Weak Link in Risk Mgmt

Checking out today’s current events from Feedly, I ran across Bruce Schneier’s comments around a social engineering attack that resulted in a ~$300,000 loss to Apple in products. If you don’t care to follow the links, Mr. Parrish attempted to purchase equipment using debit cards that were declined and then offered to call his bank… Continue reading Humans are STILL a Weak Link in Risk Mgmt

What is Compliance?

I read and hear the term “compliance” used liberally in infosec, often without a clear context. The graphic above is intended to illustrate some business drivers such as statutory laws, regulatory agencies (e.g. GAO’s HIPAA), industry-imposed requirements (e.g. PCI DSS), customers’ and shareholders’ expectations (some of which are legally and contractually required). These plus other… Continue reading What is Compliance?