Changing Information Security Paradigm

July 31st, 2008 Jasjit Posted in All Posts, Information Security

Traditionally, information security has been handled by deploying technology solutions and through information technology management and governance processes. Rarely has any organization looked at this subject as an extension of the overall business and as a contributor to the bottom line by proactively assessing and managing information security related risks.

Most of the professionals handling information security for various organizations are either technology professionals or from a similar background. The success of an information security program


A case of Identity Theft

July 16th, 2008 Jasjit Posted in All Posts, Information Security

Last week, one of my very close friends called me for advice on something strange and disturbing. He received a call from a lawyer representing his mobile telephone service provider informing him that he was required to appear before a court in Delhi for a hearing, as he had not paid his telephone bill. He was also informed that he had not been traceable for the last one and a half years and hence the court summons could not be served.


ISO 27001 Common Mistakes

January 31st, 2008 Jasjit Posted in All Posts, Information Security

David Watson, one of the earliest exponents of the ISO 27001 standard and one of the most well-known industry figures, highlights some of the most common errors and mistakes he has encountered in Information Security Management Systems over recent years:

  1. There is frequently a lack of traceability of the controls in the Statement of Applicability (SoA) to the Risk Assessment and Treatment Process (and back to the SoA);

  2. Risk Assessments often just look at technical risks and forget that the organization is a business with business risks;
