Comments for InfoSecMinds http://infosecminds.com For like-minded people Mon, 12 Dec 2011 06:04:35 +0000 hourly 1 http://wordpress.org/?v=3.3 Comment on ISMS Compliance Checklist by Muhammad Ibrahim Nazish http://infosecminds.com/2008/07/07/isms-compliance-checklist/comment-page-1/#comment-133 Muhammad Ibrahim Nazish Mon, 12 Dec 2011 06:04:35 +0000 http://infosecminds.com/?p=32#comment-133 can you please send me this file to my email address mnazish@gmail.com, as i cannot download this file. thanks in advance. can you please send me this file to my email address mnazish@gmail.com, as i cannot download this file. thanks in advance.

]]> Comment on Classification and labeling – A double edged sword? by Vinod Puthuseeri http://infosecminds.com/2010/05/05/classification-and-labeling-%e2%80%93-a-double-edged-sword/comment-page-1/#comment-132 Vinod Puthuseeri Wed, 07 Dec 2011 16:01:56 +0000 http://infosecminds.com/?p=240#comment-132 Hi Joshua, As you rightly mentioned some of the documents changes its confidentiality classification as time passes. Consider the year end financial information of an organization. What would be the confidentiality before and after publishing their financial results. This would change from confidentiality to public in about a days time. Similarly over a period of time the information need not be as critical as it is now. Hence by changing the classification level, you can further decide on what kind of security controls that document requires. Eventually, you do not want to put the similar security controls for a confidential document and non-confidential document. Hi Joshua,

As you rightly mentioned some of the documents changes its confidentiality classification as time passes. Consider the year end financial information of an organization. What would be the confidentiality before and after publishing their financial results. This would change from confidentiality to public in about a days time.

Similarly over a period of time the information need not be as critical as it is now. Hence by changing the classification level, you can further decide on what kind of security controls that document requires. Eventually, you do not want to put the similar security controls for a confidential document and non-confidential document.

]]> Comment on Risks of Providing Local Admin Privileges to Users by Twinkle http://infosecminds.com/2008/09/17/risks-of-providing-local-admin-privileges-to-users/comment-page-1/#comment-131 Twinkle Wed, 07 Dec 2011 14:58:41 +0000 http://vputhuseeri.wordpress.com/?p=44#comment-131 This is very true. I like the arguments given for both the issues and risks. But for most companies and their networks, I believe that the issues are nothing compared to the risks. Limiting admin access is advisable. This is very true. I like the arguments given for both the issues and risks. But for most companies and their networks, I believe that the issues are nothing compared to the risks. Limiting admin access is advisable.

]]> Comment on Classification and labeling – A double edged sword? by Joshua http://infosecminds.com/2010/05/05/classification-and-labeling-%e2%80%93-a-double-edged-sword/comment-page-1/#comment-130 Joshua Thu, 01 Dec 2011 17:36:09 +0000 http://infosecminds.com/?p=240#comment-130 Hi Vinod, Thank you for writing these nice articles . Quite thought provoking . In the first instance, you mentioned the document was of the year 2006, and later said it should have been reclassified . Could you please tell me what did you mean by "Well why the document not re-classified if it was old…?" . What I thought was , document no matter old or new, confidentiality remains the same ( there are exceptions though, a confidential document a decade ago may not be equally confidential now ) . Kindly excuse me If that was not a sensible question as I'm just a beginner in this domain . Thanks a lot for your time . Hi Vinod,
Thank you for writing these nice articles . Quite thought provoking . In the first instance, you mentioned the document was of the year 2006, and later said it should have been reclassified . Could you please tell me what did you mean by “Well why the document not re-classified if it was old…?” .

What I thought was , document no matter old or new, confidentiality remains the same ( there are exceptions though, a confidential document a decade ago may not be equally confidential now ) . Kindly excuse me If that was not a sensible question as I’m just a beginner in this domain . Thanks a lot for your time .

]]> Comment on The Faces of Fraud: Fighting Back by card payment POS http://infosecminds.com/2010/12/31/the-faces-of-fraud-fighting-back/comment-page-1/#comment-129 card payment POS Fri, 25 Nov 2011 22:01:59 +0000 http://infosecminds.com/?p=280#comment-129 <strong>card payment POS...</strong> [...]The Faces of Fraud: Fighting Back |Information Security & Risk Assessment Blog | InfoSecMinds[...]... card payment POS…

[...]The Faces of Fraud: Fighting Back |Information Security & Risk Assessment Blog | InfoSecMinds[...]…

]]>