Shostack + Friends Blog Archive


Information Security Risk: A Conversation with CSO

Earlier this month, I spoke with Derek Slater:

In early 2008, Adam Shostack and Andrew Stewart released the book The New School of Information Security. And they launched a blog in support of the book and its message.

I wondered about how Shostack perceives the state of IT risk management now, and whether he thinks progress is being made. Here are the highlights of what he told me

Information security risk: A conversation with Adam Shostack.