Archive for the ‘Risk Assessment’ Category

Risk Assessment Critical for the Security of Information Assets

Information Security Risk Management for ISO27001 / ISO27002
September 01, 2011 /24-7PressRelease/ — Today, there is hardly any organisation that doesn’t recognise the critical role that information technology plays in supporting its business objectives. As a [...]

IT risk assessment frameworks: real-world experience

By Bob Violino, CSO
Assessing and managing risk is a high priority for many organizations, and given the turbulent state of information security vulnerabilities and the need to be compliant with so many regulations, it’s a huge challenge.
Several formal IT risk-assessment frameworks have emerged over the years to help guide security and risk executives [...]

What is a risk assessment framework

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
A good RAF organizes and presents information in a way that both technical [...]

Audit of security control and scoping

Information Technology Control and Audit
The audit is used as a tool to check compliance of controls against standards such as ISO 27002 or NIST 800-53. Other terms used for assessing controls, which are sometimes less rigorous than an audit, are gap analysis, benchmarking and control review.
Scoping sets the boundaries of the audit, where [...]

Cyber threats and overall security assessment

In the past, when senior management (execs) needed to understand the financial implication of cyber threats and their exposures, they turned their questionnaires toward IT for relevant answers. In other words, IT risk assessment was the answer in the past to understand the financial implications of cyber threats. The IT risk assessment is [...]

Risk Assessment and System Profiling

In real estate it’s all about location; in the same way, success in information security risk assessment is all about precise profiling of the system under review. The system profile sets the boundaries of an assessment, and the reviewer includes or excludes assets in the review based on their criticality and sensitivity and the [...]
