Security Policy Exceptions

Not long ago, I was reading a debate on a Linkedin.com forum discussing all kinds of edge cases that some participants were arguing needed to be considered in a security policy regarding some particular aspect of security.  In fact, I forget what the issue was, but it was clear that … Continue reading

Skype in the Enterprise

The following excerpt is a thread from a discussion on Linkedin in the Information Security Community group. This discussion was the impetus for my article Is Skype Secure?  which includes an assessment of Skype Sceurity Risks and an assessment methodology. Question: Anybody using Skype yet at an enterprise level? If so, … Continue reading

Separation of Duties in Scrum Software Development

The following excerpt is a thread from a discussion on Linkedin in the CISSP group.  I repost it because I think that it is an important consideration for organizations incorporating agile techniques into their Software Development Life Cycle (SDLC).  Date: October 5, 2010 Question: I am looking for some input … Continue reading

  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer.