Posts Tagged ‘compliance’

Video & Venn Diagram of the Day – Compliance v. Security

September 9, 2011

I’ve talked about compliance before; however, @carnal0wnage recently tweeted a great link to a video explaining the difference between compliance and security. I think this video makes it much more clear than any write-up could possibly do. And no … it isn’t for those of us in the echo chamber but rather something you...
Posted in Training | 6 Comments »

Outsourcing to Third-Party Security Services No Longer Taboo?

March 26, 2009

There was a time, not so very long ago, that outsourcing security services to third-party companies was seen as risky business. But in today’s economy, outsourcing security services has become more norm than exception, with companies asking themselves, “why didn’t we do this before?” Compliance—that’s why. In the past, many companies were so concerned...
Posted in News | No Comments »

The Way Not to Change NIST SP 800-30

June 16, 2008

Rybolov from The Guerilla CISO, a local infosec NoVA-based blog, has put together a great blog post about NIST’s latest effort to modernize SP 800-30: Risk Management Guide for Information Systems. In his post he stresses how NIST should not change this document into a “catalog of controls gap analysis” process to favor compliance...
Posted in News | No Comments »

Follow-Up: 2600 Group – Arlington Infosec Meetup Event – Friday, 4/4

April 5, 2008

I was finally able to make it to the Arlington 2600 group infosec meetup event last evening. There was a good turnout with about 10 people showing up. Most of the people that attended were fairly new so nobody really had a good idea of what we were supposed to do.
Posted in NoVA Meetups | 2 Comments »
