Blog

Innovative ideas on the ends and means of modern information security

Why Infosec?

A model for clarity of purpose in information security

Existing information security (infosec) frameworks ignore or presuppose why we invest and participate in infosec—the purpose. Moreover, stakeholders have different motivations, which leads to equivocation, miscommunication, and ineffectiveness.

A model for why infosec improves communication, priorities, and impact:

  • Infosec motivations fall into four categories: economics, edicts, ethics, and excitement (E4)
  • These categories fall along two axes: focus (protector vs. protectee) and discretion (flexible vs. rigid)

1 Aug 2017

An IR Plan You Will Actually Use

Concise, directive, specific, flexible, and free

Incident response planning is a cornerstone of information security programs, but too many plans end up on a shelf gathering dust until the next audit.

A stale, unused plan is almost worse than having no plan: it can lull the organization into a false sense of security, without any meaningful preparedness.

We can definitely do better, with plans that are more concise, directive, specific, flexible, and free. We’ve created a high-quality incident response plan template to get everyone started.

1 Sep 2017