securityzed contains opinions and anecdotes about INFOSEC issues. Views expressed herein belong solely to the contributors. Not to be taken as professional advice, or internally.
This week we do a deep and rambling dive into Aaron Schwartz, his attitude toward IP, and JSTOR.
If you or someone you know is experiencing depression or suicidal thoughts, please reach out for help. NAMI (National Alliance on Mental Illness) can provide crisis support or help you find local resources to support your recovery. You don’t have to be in distress to call.
1-800-950-NAMI (6264) or info@nami.org
This is extremely exciting: Robin and I will be hosting a free webinar for New Horizons during their Awareness Month seminar. We'll be doing a live episode of the "The Sensuous Sounds Of INFOSEC" that you can participate in! So, if you ever wanted to be on the show, now's your chance.
Did I mention it's free?
We're going to discuss different INFOSEC certifications, and which pathways might be best for different practitioners. Come check it out, ask questions, and hassle us.
Also, you don't have to pay for it.
We look forward to seeing you there!
https://register.gotowebinar.com/register/3599988395504979725
There are also some other sessions being offered by excellent presenters:
https://bangor.newhorizons.com/resources/free-webinars
Roger Ison-Haug is the head of Berigo AS, a Norwegian audit and consulting firm. [https://www.berigo.as/?lang=en] We also consider him a good friend, and he is one of the three people who listen to the show.
International audit/standards organizations mentioned during the episode:
- ISO (the International Organization for Standardization, which is odd, considering how it’s abbreviated) [https://www.iso.org/home.html]: a global standards body that publishes standards for performing just about every kind of human activity possible. Standards discussed on the show include:
-- The 9000 series: The Total Quality standards (sometimes referred to as “Total Quality Management (TQM),” or “Quality Management Systems (QMS),” collectively)
-- The 27000 series: Standards for information security, often referred to as the “Information Security Management System (ISMS),” which is actually the name of one of the standards in that series, 27001
- ISACA (originally the Information Systems Audit and Control Association, but has now legally changed its name to the abbreviation) [isaca.org]: Originally an American standards body that addressed information systems audit and security for manufacturing systems, but has since evolved into an international IT security and management standards body. Famous for:
-- Professional certifications, such as the CISA (certified information systems auditor) and CISM (certified information security manager) [full disclosure: Ben has the CISM certification]
-- Audit and governance standards, particularly the (unfortunately named) COBIT 19 standard (control objectives for information and related technologies)
In this episode, we discuss the initial steps a small/medium-sized business might take to institute an INFOSEC program. Topics include: identifying assets, determining risks, and conducting a Buiness Impact Analysis.
This episode is dedicated to the dyeti.
The text of the proposed bill: https://www.judiciary.senate.gov/imo/media/doc/S.4051%20Lawful%20Access%20to%20Encrypted%20Data%20Act.pdf
The Russians give up blocking Telegram: https://www.reuters.com/article/us-russia-telegram-ban-idUSKBN23P2FT
Skynet is racist: https://reason.com/2020/06/25/wrongful-arrest-in-detroit-demonstrates-why-police-use-of-facial-surveillance-technology-must-be-banned/