Regulatory Reality:

May, 2009

May 29, 2009  2:44 AM

Information security pros (and cons).

David Schneier

Ever since I first started blogging I’ve worried that there would be weeks when I would simply draw a blank when it came to finding a topic worthy of the audience's time and attention. While I may have hit the occasional bump in the road with posts that weren’t...

May 23, 2009  6:53 PM

Red Flags and contractors

Marcia Savage

I attended an ISSA-Silicon Valley chapter meeting this week, where the featured speaker, Jim Anderson, gave an...

May 20, 2009  7:31 PM

IT Security: Something has to give.

David Schneier

My practice has been busy lately helping a number of clients catch up on required tasks before their scheduled exams (it's a case of the old "if it wasn't for the last minute nothing would ever happen" philosophy).  And in authoring some of our reports we're identifying issues and gaps that are in...

May 14, 2009  6:38 PM

Who put the G in GRC?

David Schneier

I’m something of an advocate for Governance, Risk and Compliance (GRC) and have been for several years.  I’ve been known to rant a bit how it’s not properly organized as an acronym because everyone who knows knows that risk comes first and so it should’ve been...

May 7, 2009  9:58 PM

PCI compliance is not the end all

David Schneier

I was sitting in on a meeting this week during which a security review was being conducted for a proposed software solution for my client. The product was designed and hosted by a third-party vendor.

At first blush I was...
