I used to think of info classification as a useless over-simplification. Information has unique properties which couldn't be reflected by association to predefined classes.
Sure enough - having info represented by classes is a simplification. But these days I see merit in the practice.
Classification fosters dialogue about the sensitivity of info. A process owner might not know his security requirements but I can get him started by asking: where is integrity more important - for info type x or type y?
2016-09-26
2016-09-19
lots of hot air
What's up with the climate? After triumphant reports from COP 21, are we making progress?
It's a painstaking process. Right now it's about ratifying - confirming that we really have agreed.
Lots of hot air, if you will. Meanwhile, we're poised for another record year in global temperature.
Today's politicians will have to solidarily "sell" mitigation with no measurable reward until decades later.
Seeing is believing. From talk to policy to practice. But it's our only chance. How will you contribute today?
It's a painstaking process. Right now it's about ratifying - confirming that we really have agreed.
Lots of hot air, if you will. Meanwhile, we're poised for another record year in global temperature.
Today's politicians will have to solidarily "sell" mitigation with no measurable reward until decades later.
Seeing is believing. From talk to policy to practice. But it's our only chance. How will you contribute today?
promise to agree > agree > promise to implement > face the voters > implement > measure effect. simple as that. #COP22 #ClimateDiploWeek— per stromsjo (@stromsjo) September 16, 2016
2016-09-12
quality of constructions - or construction of quality
What is architecture?
To some, it's a structured way of elaborating an implementation through a series of abstractions.
To some, it's about classifying, capturing similarities in different implementations.
SIG Security recently launched a study circle "IT-arkitektur" based on a topical book.
I look forward to our sharing thoughts on the "enterprise", "business" and "solution" aspects of architecture. The book is not about security per se but we'll surely be reading with our "security glasses" on.
To some, it's a structured way of elaborating an implementation through a series of abstractions.
To some, it's about classifying, capturing similarities in different implementations.
SIG Security recently launched a study circle "IT-arkitektur" based on a topical book.
I look forward to our sharing thoughts on the "enterprise", "business" and "solution" aspects of architecture. The book is not about security per se but we'll surely be reading with our "security glasses" on.
@sigsecuritysv lovande första kväll i bokcirkeln om #arkitektur. många perspektiv och abstraktionsnivåer. pangstart med intro av @dakenine.— per stromsjo (@stromsjo) September 6, 2016
2016-09-05
Strategisk informationssäkerhet
Strategic Infosec is one of four Infosec courses with DF Kompetens where I'm privileged to be teaching.
Participants from both public and private sector discussed their way through three days of theory with a couple of exercises about a fictitious company where there is room for improvement in security. Invited lecturers added their insight on how to navigate in the legal landscape as well as on media and dealing with journalists in a crisis.
The next course will be Operative Infosec, Stockholm in October.
Participants from both public and private sector discussed their way through three days of theory with a couple of exercises about a fictitious company where there is room for improvement in security. Invited lecturers added their insight on how to navigate in the legal landscape as well as on media and dealing with journalists in a crisis.
The next course will be Operative Infosec, Stockholm in October.
fine 1st course day on Strategic Infosec with @DFKompetens. discussing challenges, means and methods in very different organizations. #gnite— per stromsjo (@stromsjo) August 31, 2016
2nd day of Strategic Infosec with @DFKompetens. legal matters. data protection #GDPR in the crystal ball. assets, classification and risk.— per stromsjo (@stromsjo) September 1, 2016
3rd Strategic Infosec day with @DFkompetens. handling the truth with journalists. crisis, media logic and rhetoric. motivate investment.— per stromsjo (@stromsjo) September 2, 2016
2016-09-02
thieves with an attitude
- I don't understand why so many people take this personally!?
A stylish gentleman, who had just inconspicuously entered the subway on my ticket instead of buying his own, tried to soften my irritation by arguing that neither I nor anyone else had paid for his ride. No one pays, he explained. A new economy indeed! So, why should I bother? It took me a while to figure out his logic: why would anyone care about something which does not affect him?
That, my dear well-dressed youngster, is not how we built a society.
A stylish gentleman, who had just inconspicuously entered the subway on my ticket instead of buying his own, tried to soften my irritation by arguing that neither I nor anyone else had paid for his ride. No one pays, he explained. A new economy indeed! So, why should I bother? It took me a while to figure out his logic: why would anyone care about something which does not affect him?
That, my dear well-dressed youngster, is not how we built a society.
Subscribe to:
Posts (Atom)
