Introduction
An information security policy is a fundamental element of protecting information assets. It would not be an exaggeration to say that an effective information security framework starts and finishes with a well-defined and well … Continue reading On policy/standard development
On frameworks – how to build one?
This is an Accepted Manuscript of the article published by Taylor & Francis in EDPACS, Volume 57, Issue 4, available online: https://doi.org/10.1080/07366981.2018.1444009. I am often asked what information security framework I use. Well, … Continue reading On frameworks – how to build one?
On frameworks – how to choose one?
I was approached by a number of people recently, asking my opinion on frameworks. TOGAF, SABSA, COBIT 5, CMMI, and the list goes on. Their roles include CISO, security engineer, consultant and so on. A … Continue reading On frameworks – how to choose one?