Pen Test ‘ology’ and Bang for Buck

I had to deliver a presentation recently, so thought I would pop together my thoughts here. It was about ensuring that any investment in penetration testing is wisely spent. If we want the business to use pen-testing, we need to know what it is they wish to test. For instance: What's Vulnerable (our information assets)…

The Information Trilogy

Perhaps this isn't how things work, though in my head information falls into one of three camps: Information Governance, Information Management, and Information Assurance. My definitions are as follows. Information Governance: all about having controls in place to ensure that risks are managed, and, where risks can't be managed (for whatever reason), having the framework in place to…

27001 reasons for different standards

Operational security (for me) is a constantly evolving and always interesting arena to work in. The bad guys always have more time than you (and technically they are quite smart as well). Whilst having a coffee and a chat recently, we began talking about security standards in a given environment. I jumped on my…