This is an Accepted Manuscript of the article published by Taylor & Francis in EDPACS , Volume 57 Issue 6, available online: https://doi.org/10.1080/07366981.2018.1476312 Abstract Metaphorizing is the principal means with which to conduct our thinking. … Continue reading Weakest link, or… – extended version
I was asked to participate in a Q&A session late last year, focusing on what the new year holds for us. It was the season for this type of activity, along with goal settings and … Continue reading Extended Q&A
Introduction An information security policy is a fundamental element of protecting information assets. It would not be an exaggeration to say that an effective information security framework starts and finishes with a well-defined and well … Continue reading On policy/standard development
This is an Accepted Manuscript of the article published by Taylor & Francis in EDPACS , Volume 57 Issue 4, available online: https://doi.org/10.1080/07366981.2018.1444009. I am often asked what information security framework I use. Well, … Continue reading On frameworks – how to build one?
I listed a number of cognitive biases and errors in a previous, related post. Anchoring, cognitive tunnelling, cognitive closure and reactive thinking were mentioned. As promised, I am providing further exposition on these cognitive biases … Continue reading On thinking – Urgent or important
“Information Security is only as strong as the weakest link in the chain” The above statement seems to be popular. It appears time to time in blogs, on company websites, in research, in white papers, … Continue reading Weakest link, or… – short version
I was approached by a number of people recently, asking my opinion on frameworks. TOGAF, SABSA, COBIT 5, CMMI, and the list go on. Their roles include CISO, security engineer, consultant and so on. A … Continue reading On frameworks – how to choose one?