Writing good ad-hoc security assessments – Part 2

Following on from part 1 of this blog series, in this second blog post in my series, I’m asking the question “what should a good ad-hoc risk/impact assessment look like?”

Continue reading “Writing good ad-hoc security assessments – Part 2”

Ten practices to promote forensic readiness

Forensic readiness (FR) is a useful concept that is encountered a great deal in public sector information security, but not so much in the private sector. I’ve enjoyed working with FR policies, and you can too, with the right preparation and direction of travel.

Continue reading “Ten practices to promote forensic readiness”