This represents both the immaturity of our profession and the highly complex nature of information security, while challenging a concept that many professionals adhere to: that ISO 27001, COBIT, COSO, FRAP, OCTAVE, etc., are frameworks, when in fact they are just pieces of the overall framework pie.
We don’t know what we don’t know
We know of some things we don’t know
The company really seems like it doesn’t want to know
What is going to happen to all the confidential data left behind?
On March 24, 2009, the Michigan Homeland Security Consortium hosted a panel discussion addressing Data Privacy. The panel comprised experts in the fields of encryption, law, and forensics. While the business leaders in attendance worked in different fields, they were united in their concern for the security of their core information assets.
"Determining the origins of individual and sex-specific odors -- and controlling exogenous chemical contaminants -- may provide the most important challenge for future … studies," the researchers said.
I would recommend that the Obama administration require all companies receiving bailout dollars to disclose any and all security and risk posture information including audit findings, threat and vulnerability information, incidents, breaches, and other such items.
There are many bloggers out there in the blogosphere, but a couple deserve some recognition.
Every once in a while we do the lighter side. It is that time again: time to get a chuckle, get our taxonomy corrected, and see some images that truly depict our current state of affairs.
Machine-readable ontologies that interrelate entities such as incident, control, threat, asset, vulnerability, impact, and risk (a non-exhaustive list) could be crafted to create a near-real-time awareness messaging solution. The ability to create awareness ontologies exists today with many readily available tools. And awareness is just one of the options; assurance across the whole infrastructure is possible.
Privacy is a flash point for varying opinions that elicits highly subjective and emotional responses. Let me relate our conversation to industry standards, laws and our own policies regarding privacy.


