Chris’ academic paper published

Chris’ academic paper “Using COBIT to guide the adoption of Enterprise 2.0 technologies” was published in BACIT in December 2009 and is available to download in PDF format from here. The paper is based on an assignment that Chris wrote as part of his Master of Information Management degree and was co-authored by Mike Hine [...]

Welcome to our new website

Welcome to our new website. As well as providing up-to-date information about our company and services, Jim and I will be sharing our thoughts on information security on our blog, so please join in the conversation and consider signing up to our RSS feed.

There is only one way to eliminate risk

One common misconception about risk management that I have come up against time and time again is that by managing a risk it has been eliminated and can be closed and removed from the risk register. This is simply not the case, as risks can evolve and change over time for any number of reasons. [...]

CIA requirements

This is a posting I made from a discussion on the LinkedIn Information Security Community Group on which of Confidentiality, Availability and Integrity is most important. I have been engaged in ICT risk assessments in government agencies over the last 2 years. The first stage of each is to establish the business context as the [...]

Risk definitions

One of the problems that security practitioners have when discussing risk is agreeing on the terminology. My work in recent years has focussed on using widely accepted standards to underpin security recommendations. All standards define their terminology pretty well. Most recently I have been using the fairly new ISO 31000:2009 as a reference for risk [...]