Align Your Security Program With the Business

Information security used to be part of IT. That has changed recently; security now needs to be independently aligned with business operations, not just IT operations. The PCI SSC calls this “Business as Usual” (BAU). NIST CSF talks about aligning cybersecurity requirements with business activities. I call this process information security governance and maintain…


Data Governance Anyone?

I recently had a scary experience with Amazon. I regularly order items on this site, and have not had significant problems. However, yesterday was different. I was ordering an emergency flashlight and four-way travel power strip and was about to complete my order, when I noticed that the shipping charges totalled $1055.44. See the screenshot to…
