IT Governance Blog on IT governance, risk management, compliance and information security. » Nick Orchiston

Qualitative vs. Quantitative information security risk assessment methodologies

Nick Orchiston — Thu, 13 Oct 2011 08:58:24 +0000

When researching risk assessment methodologies for carrying out an information security risk assessment you will no doubt be confronted by two terms - Qualitative and Quantitative. Then you may be wondering ‘what should I do now?’

Qualitative vs. Quantitative information security risk assessment methodologies is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Passwords- the bane of everyone’s life?

Nick Orchiston — Tue, 06 Sep 2011 08:22:53 +0000

As a consultant I am often asked what is good practise on passwords. I am afraid I tend to follow what is considered received wisdom as published in CESG memos 26 and 35 which suggested:-

Passwords- the bane of everyone’s life? is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Planning Business Continuity

Nick Orchiston — Fri, 26 Aug 2011 12:43:08 +0000

We all know that Business Continuity is something that should be put in place. Everyone knows that there ought to be contingency plans in the event of a disaster overtaking our business. Anyone knows that, whilst unlikely, a disaster could happen at any moment. No one is better placed to understand this than the board, chief executive and senior management. Someone ought to have these contingency plans ready just in case.

Planning Business Continuity is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Quantum Information Security

Nick Orchiston — Thu, 25 Aug 2011 12:21:25 +0000

In the 1920’s a new theory was developed heavily influenced by the work of Niels Bohr and his colleagues at the Institute of Theoretical Physics in Copenhagen Denmark. This was the theory of Quantum Mechanics which is still very much with us today and provides the foundations of much of modern technological innovations including micro-chips and lasers. As physicists looked closer at the sub-atomic world of the electron they found that matter behaved chaotically. The well ordered worldview that governs the orbits of the planets and trajectories of bullets fell away to be replaced by a world where particles appeared to be in several places all at once.

Quantum Information Security is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

A Pilgrim’s Progress…

Nick Orchiston — Fri, 08 Jul 2011 09:24:18 +0000

So there you are ... someone has mentioned ISO 27001 and that you ought to be certified or ‘have ISO 27001’, as it might be “good for business”. You have heard of ISO 27001, but have always dismissed it as being something to think about. Now, however, maybe it’s time to look into it a bit more seriously.

A Pilgrim’s Progress… is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

ISMS: The Missing Link

Nick Orchiston — Fri, 08 Jul 2011 07:13:36 +0000

You can spend all the money you like on technology or tighten the processes up to the nth degree, but unless people are considered the security will not be watertight.

ISMS: The Missing Link is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

The Ethical Burglar?

Nick Orchiston — Wed, 15 Jun 2011 12:34:15 +0000

You arrive home after an enjoyable evening out. As you approach your house, you hear a noise that appears to come from around the back. Quietly, you step around the back and, in the gloom, you see someone at your back door who seems to be engaged in an attempt to gain entry. “Who’s there?” you call. The man turns; his face is covered. “Don’t worry, my friend,” he says cheerily. “I’m an ethical burglar just checking the security of your house.” He scoops up a bag lying next to his feet and scurries past you. As he passes, he turns and says, “By the way, all seems pretty good”; and with that he vanishes into the night.

The Ethical Burglar? is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

Watch Out: ISO 50001 is about!

Nick Orchiston — Tue, 03 Aug 2010 14:40:23 +0000

Coming to a standards office near you is ISO 50001. Due to be published in early 2011, this will be the definitive Energy Management Standard. Currently, the de facto standard for energy management is EN 16001:2009 'Energy management systems.

Watch Out: ISO 50001 is about! is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.

The case for EN 16001

Nick Orchiston — Tue, 01 Dec 2009 10:09:22 +0000

Strategic approach to energy management: EN 16001 In today’s highly volatile and competitive market place energy costs have assumed a greater significance. With rising fuel costs, open markets in gas and electricity and new government climate change policies, no organisation can afford to be complacent in managing its energy efficiently. Evidence shows that adopting structured [...]

The case for EN 16001 is a post from: IT Governance Blog on IT governance, risk management, compliance and information security.