Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-08-06 10:46:21 |
CISO workshop slides (lien direct) |
A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142): |
Malware
Vulnerability
Threat
Patching
Guideline
Medical
Cloud
|
Uber
APT 38
APT 37
APT 28
APT 19
APT 15
APT 10
APT 34
Guam
|
|
|
2022-06-24 13:40:08 |
The sadly neglected Risk Treatment Plan (lien direct) |
For some curious reason, the Statement of Applicability steals the limelight in the ISO27k world, despite being little more than a formality. Having recently blogged about the dreaded SoA, 'nuff said on that.Today I'm picking up on the SoA's shy little brother, the Risk Treatment Plan. There's a lot to say and think about here, so coffee-up, settle-down, sit forward and zone-in.ISO/IEC 27001 barely even acknowledges the RTP. Here are the first two mentions, tucked discreetly under clause 6.1.3: |
Threat
Guideline
|
APT 19
APT 10
|
★★★★
|