What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-15 12:40:00 | Topic-specific policy 4/11: information transfer (lien direct) |  "Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security". Depending on the context and the reader's understanding, it might mean or imply a security policy concerning:Any passage of information between any two or more end points - network datacommunications, for instance, sending someone a letter, speaking to them or drawing them a picture, body language, discussing business or personal matters, voyeurism, surveillance and spying etc.One way flows or a mutual, bilateral or multilateral exchange of information.Formal business reporting between the organisation and some third party, such as the external auditors, stockholders, banks or authorities.Discrete batch-mode data transfers (e.g. sending backup or archival tapes to a safe store, or updating secret keys in distributed hardware security modules), routine/regular/frequent transfers (e.g. strings of network packets), sporadic/exceptional/one-off transfers (e.g. subject access requests for personal information) or whatever. Transmission of information through broadcasting, training and awareness activities, reporting, policies, documentation, seminars, publications, blogs etc., plus its reception and comprehension. Internal communications within the organisation, for example between different business units, departments, teams and/or individuals, or between layers in the management hierarchy."Official"/mandatory, formalised disclosures to authorities or other third parties.Informal/unintended or formal/intentional communications that reveal or disclose sensitive information (raising confidentiality concerns) or critical information (with integrity and availability aspects). Formal provision of valuable information, for instance when a client discusses a case with a lawyer, accountant, auditor or some other professional. Legal transfer of information ownership, copyright etc. between parties, for example when a company takes over another or licenses its intellectual property.Again there are contextual ramifications. The nature and importance of information transfers differ between, say, hospitals and health service providers, consultants and their clients, social media companies and their customers, and battalion HQ with operating units out in the field. There is a common factor, however, namely information risk. The in |
General Information Guideline | APT 17 | |
|
2018-03-18 22:26:09 | NBlog March 18 - building a sausage machine (lien direct) |  We've been engaged to write a series of awareness materials on a variety of information security topics - a specific type of awareness product that we haven't produced before. So the initial part of the assignment is to clarify what the client wants, come up with and talk through our options, and draft the first one. That's my weekend spoken for!Once the first one is discussed, revised and agreed, stage two will be to refine the production process so future products will be easier and quicker to generate, better for the client and better for us.Like sausages. We're building a sausage machine. We'll plug in a topic, turn the handle and extrude a perfectly-formed sausage every time.Sounds fine in theory but on past experience that's not quite how it will work out, for two key reasons:Since the topics vary, the content of the awareness product will vary, naturally ... but so too may the structure and perhaps the writing style. Awareness content on, say, viruses or passwords is conceptually and practically a bit different to that on, say, privacy or cybersecurity. The breadth and depth of cover affects how we write, so the machine needs some 'give'. It can't be too rigid.As the string of sausages gets ever longer, we will continually refine the machine and think up new wrinkles ... which may even mean going back and reforming some of the early products. It's possible an entirely new approach may emerge as we progress, but more likely it will evolve and mature gradually. What starts out producing a string of plain beef sausages may end up churning out Moroccan lamb and mint - still definitely sausages but different flavours. Knowing that, now, the sausage machine has to be capable of being modified to some extent in the future, within certain constraints since the customer expects a reasonably consistent product. Some features being designed into the process today will remain in a month or three, while others will evaporate to be replaced by others and we're cool with that. Hopefully the client will be too!In more practical terms, the sausage machine itself consists of |
General Information | ||
|
2018-03-13 21:27:39 | NBlog March 13 - normal service ... (lien direct) |  ... will be resumed, soon. We've been slaving away on a side project, putting things in place, setting things up, trying things out. It's not quite ready to release yet - more tweaking required, more polishing, lots more standing back and admiring from a distance - but it's close. |
General Information | ||
|
2018-03-08 10:37:08 | NBlog March 8 - brainstorming awareness ideas (lien direct) |  At this early stage of the month, although we have some ideas in mind for the content of the next awareness module, they are unstructured. We need to clarify the scope and purpose of the module, developing themes to pull things together and 'tell the story'.Mind mapping is our favourite technique for that: we sketch out the topic area on a single sheet starting from a central topic word ("Assurance" this month) and arranging a few major themes around it, connecting the words to show their relationships. On paper, it starts out simply like this with 3 key themes: Then we expand on those initial themes with further details ... ... and keep going until we run short of inspiration and decide to move ahead to the next stage ... |
General Information | ★★ |
1
We have: 4 articles.
We have: 4 articles.
To see everything:
Our RSS (filtrered)
