Being an InfoSec Professional / Cybersecurity

The other shoe drops: NIST issues version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity

Posted on March 2, 2014 by David Sheidlower • 1 Comment

It’s ironic that the new publication from NIST does not have an 800 series numeric designation. Not that it needs to, but here we all are using those numbers as shorthand (e.g., “I took an 800-30 July 2002 approach because revision 1 from 2012 just seemed too complex for the environment”, “We are looking to … Continue reading →

Being an InfoSec Professional / Cybersecurity

Let’s stop measuring risk

Posted on November 30, 2013 by David Sheidlower • 2 Comments

Ok, I don’t quite mean that. What I mean is let’s stop using residual risk as the final product of the risk measurement calculation. Let’s consider a more pragmatic formula. This is going to seem sacrilegious to NIST and the VERIS guys will probably just think I am being quaint, but I am serious. I … Continue reading →

Being an InfoSec Professional / Cybersecurity

Where Chicken Little Went Wrong

Posted on August 11, 2013 by David Sheidlower • 2 Comments

This is about the fundamental formula for assessing risk. I saw a post on a LinkedIn Group the other day, a group where myself and about 39,000 of my closest colleagues (more on them later) exchange ideas around IT Governance and related issues, and I made a comment which led to a discussion which brought … Continue reading →

{Cyber Security}

right here- where information security is combined with humanism. By David Sheidlower

Tag Archives: NIST 800-30

The other shoe drops: NIST issues version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity

Let’s stop measuring risk

Where Chicken Little Went Wrong