All documents are in PDF 1.4 format, compatible with Adobe Reader 5.0 and higher
Improving Assurance of InfoSec RoI
The rising cost of securing corporate information and increasing globalisation of business make return on investment a major consideration for security management.
Aspects of corporate culture can thwart the best attempts at information security, preventing it integrating into business operations. The consequence is superficial ‘security as an afterthought’.
A Paradigm Shift in Operational InfoSec
A change of emphasis in information security is long overdue. IT security remains necessary but is no longer sufficient on its own to protect the globally connected enterprise.
Why We Find InfoSec Hard
A fundamental reason we find information security hard - we assign it less effort and attention than the adversary does.
Information Security Risk Assessment
A business-centric approach to information security risk assessment is essential if we hope to avoid getting bogged down in spurious detail and missing the wood for the trees.
A Fairy Tale
A satirical look at the serious problem of losing corporate control over outsourced security services.