Monthly Archives: April 2023
5. Review Types
As with any event where someone needs to go through a document with someone else, there can be multiple reasons for doing so. The objectives of any review could be finding defects, gaining understanding, educating participants such as testers and new team members, or discussing […]
1. Static Testing Basics and differences with Dynamic Testing
We have mentioned static testing in the first section of this course and said that static techniques test software without executing the software code, while dynamic testing, on the other hand, requires the execution or running of the software under test. Static testing can be considered […]
51. Third-Party Service Providers
We also want to consider third-party service providers. I mean, we realize there are going to be times when your organization must outsource. So there are some things we should consider for using third parties. And those are things like does the third party have appropriate controls in place? Is there […]
43. Methods of Valuing Assets
Now, as we look at methods of valuing assets, there are some approaches and the approach of doing the valuation is used to basically determine a monetary value. And of course, that might be something that’s easy to do with things like artwork. But another approach is to look at […]
37. Risk Treatment Options
Now when we talk about risk treatment, there are usually four strategic choices for how we deal with risk. The first, of course, is that we might just decide, you know what, let’s just terminate whatever that activity is that’s giving rise to the risk. Now, if […]
21. Other Organizational Support
Now some of the other... I guess that’s always a good category, isn’t it? Other organizational support. So there are, in this security industry, in all aspects of the security industry, many different types of subscription services that we can integrate into an information security program, and the services are there […]
29. Vulnerabilities Part 1
Now, in terms of threats, you’ve heard me say lots of different examples of threats. And, of course, I’ve talked a lot about natural events, the floods and the earthquakes, unintentional events. Well, you could make an argument that fires are generally unintentional. We don’t often plan them unless we’re an […]
14. Technologies
We also should take a look at the different technologies, again having that overview. So an information security manager should have good conceptual understanding of some of the following things like application security. Now, when we talk about application security, we can look at it from many different perspectives. It could be very […]
8. Context and Purpose
Another aspect of this whole risk management is context and purpose. Now remember, managing risks is usually the responsibility of your information security manager. So the requirement of the risk management program, then, is pretty much to be able to determine what are the desired outcomes and what are the objectives. […]