A Pattern Language for Infosec

Despite the efforts of membership organizations, standards bodies, governments and individual contributors, several pieces of the infosec puzzle remain missing all of these years later. It’s time to get back to solving the question: “What is InfoSec?” Back in 1977, when men were men and the ‘stache was silken and long… Christopher Alexander, Sara Ishikawa […]

The Infosec Technofetish

“To the glory of the blinky lights and shiny things.” ~~marching song of infosec 1999-2011

There are approximately one zillion pieces of hardware and software created for the infosec industry. Despite what the marketing departments tell you, there are really only three kinds of infosec technology: policy enforcement device – firewalls, antivirus, access control systems […]

Metaphors in Policy / Guidance

The biggest part of operational and management security is dealing with Policy / Standards / Guidelines and dealing with cases where the organization or its workers do not comply with the written documents. In many infosec programs, this is largely a result of the Policy / Standards / Guidelines being written for the benefit of […]