ENISA, The European Network and Information Security Agency has released a useful report on how to convince the senior management to support and invest in security initiatives.

Verizon recently released a landmark research paper titled "2008 Data Breach Investigations Report" based on a study done by their Business RISK Team. The paper is freely available and is the first of its kind. In short, it provides significant insights into data breaches based on more than 500 forensic engagements handled by the Verizon Business Investigative Response team.

CIO.com has an interesting article about selling security solutions from Bruce Schneier, a prominent security expert. He describes the difference between Utility Theory and Prospect Theory as applied to human beings.

The law enforcing agency, Central Bank of Sri Lanka has released a draft document on "Corporate Governance for Registered Financial Companies".

International Organization for Standardization (ISO) adopted a revised version of AS 8015 as the world standard for IT Governance. The new standard is ISO/IEC 38500.