Aggregated enterprise architecture wisdom
We created the Cookbook for ISO/IEC 27005:2005 for anyone tasked with selecting, performing, evaluating, or developing a risk assessment methodology. I can say with confidence that we have met our goals in creating comprehensive and needed guidance an…
Are you ready to move to the Cloud? Risk management and cost control are two key issues facing CIOs and CTOs today. Both these issues come into play in Cloud Computing, and present an interesting dilemma for IT leaders at large corporations. Continue r…
Listen to our recorded podcast on how enterprises need to change their thinking to face cyber threats, or read the transcript. The podcast was recorded by Dana Gardner of Interarbor Solutions at The Open Group Conference, San Diego 2011. Continue readi…
The Open Group Conference, San Diego: I’ve found these conferences over the past five years an invaluable venue for meeting and collaborating with CIOs, enterprise architects, standards stewards and thought leaders on enterprise issues. It’s one of the few times when the mix of technology, governance and business interests mingle well for mutual benefit. Continue reading →
Security professionals rarely say that things are getting better on the threat side of information security. Underfunding IT security programs is a recipe for disaster. Continue reading →
One challenge with long-running news stories is that it is often difficult to keep track of the “current” bits. Even important news can seem like “old” news because the problem is taking so long to be resolved, or even addressed. Wh…
Supply chain risk needs focus to be able to address the concern. If everything is “a supply chain risk,” then we can’t focus our efforts and hone in on a reasonable, achievable, practical and implementable set of practices that can lead to better supply chain practices for all, and a higher degree of confidence among purchasers. Continue reading →
Can the disciplines of architecture and information security do a better job of co-existence? What would that look like? Can we get to the point where security is truly “built in” versus “bolted on”? Continue reading →
The core dilemma in public cybersecurity: Balancing boundarylessness and data security. The solution isn’t easy, but long-term, it lies in not relying on the security of the pipes or the perimeter, but improving the trust and security of the data itself. Security needs to be associated with data and people; not the connections and routers that carry it. Continue reading →
What do you do when you are full of ideas, are privy to the collaboration initiatives between the top IT, security and EA professionals in the world, and have a lot to say? You start a blog, of course. Welcome … Continue reading →
Jeff Moser has written an excellent article describing how the Advanced Encryption Standard works. He uses an very accessible paradigm – the cartoon. He layers the description starting with a simple overview and progressively getting into m…
Jeff Moser has written an excellent article describing how the Advanced Encryption Standard works. He uses an very accessible paradigm – the cartoon. He layers the description starting with a simple overview and progressively getting into m…