RiskAnalys.is
 
Showing 1-10 of 69 records
 
Alex

2009-02-25 07:27:54 by JonesJ in RiskAnalys.is
 
Those of you who are familiar with this blog probably recognize Alex Hutton as THE voice of RMI and FAIR, and for good reason. For over two years now, Alex has earned a reputation as a spirited and thought-leading blogger who regularly pushed the boundaries of conventional wisdom, seeking to help the industry evolve. Unfortunately for RMI, Alex...
 
 
 
 
 
Sweet Giveaway: Personal Honey Point License

2009-02-05 10:22:12 by Alex in RiskAnalys.is
 
I have five licenses for MicroSolved's Personal Honeypoint Honeypot product to give away. I'm using the OSX version right now at a coffee shop. From what Brent Huston tells me, you can even arm this thing with their defensive fuzzing plug-in. Great opportunity to get some TEF numbers against your laptop. It's available for OSX, Linux, and Windows...
 
 
 
 
 
Potpourri: Ponemon, Payment Professionals, Perimeters, & Pete Lindstrom

2009-02-04 18:24:15 by Alex in RiskAnalys.is
 
...information and maybe even gain some representation. Also, Mike's a great, very smart guy. I'M SKEPTICAL ABOUT INCIDENT LOSS VALUES SOMETIMES: The Ponemon study is out. Check out Adam's prelim. analysis at EmergentChaos if you haven't already. DOCUMENTS FOR THE JERICHO-IZATION OF YOUR NETWORK: Via Crowmore.se: Onewalldown.com and Cap Gemini have...
 
 
 
 
 
A BRIEF ARGUMENT FOR PCI DSS (OR ALEX'S 5S'S FOR LEAN INFORMATION SECURITY MANAGEMENT)

2009-01-27 13:56:44 by Alex in RiskAnalys.is
 
...Information Security, we should be making relevant control data accessible and easy to understand (SIEMs and GRC aren't the only or even best solution here). SIMPLIFY - Complexity is the enemy of security. Make the flow of sensitive data as simple to manage as possible. STANDARDIZE - Create the processes and guidelines that allow the security...
 
 
 
 
 
The Source of PCI DSS Failure

2009-01-23 16:46:36 by Alex in RiskAnalys.is
...SECURITY, OBSCURITY, OBFUSCATION: When people argue about security through obscurity, the crux of their argument is that obfuscation is generally ineffective against a determined attacker (1). I think we can explain why using FAIR because the probability of action is high and the contact is intentional (in other words, they are motivated). WHAT...
 
 
 
 
 
Maturity & Measurement Redux

2009-01-21 15:24:01 by Alex in RiskAnalys.is
 
...security maturity, especially program maturity and not all of them involve measurement. 2.) Mike, I challenge you to name one. The act of observation lends itself to judgment, which is in turn measurement. The only way to not measure is to not look. Or maybe you're holding out on us, and the follow up to the Pragmatic CSO is a whole new...
 
 
 
 
 
Using The Compliance Stick Actually Weakens You

2009-01-15 13:07:32 by Alex in RiskAnalys.is
 
...security (a.k.a. the amount we can reduce risk) is a byproduct of more than just the technology we employ. In the hundreds of blogs that I subscribe to in our industry, just about once a month somebody writes a post that gently reminds us of this fact. But all this ruminating on the place and purpose of technology begs a rarely answered question: If...
 
 
 
 
 
A Couple of Links on Risk & Decision Making

2009-01-13 14:57:57 by Alex in RiskAnalys.is
 
...information security and risk management. There's so much confusion and misinterpretation of probability, accuracy, precision and usefulness that it's difficult to see the signal above all the noise. An example of which comes to us from The Security Balance blog, in an article offering the premise that Pareto is Killing Security. The author is...
 
 
 
 
 
Thoughts on ISO 27005

2009-01-06 17:10:59 by Alex in RiskAnalys.is
 
...Information technology - Security techniques - Information security risk management / Technologies de l'information - Techniques de sécurité - Gestion du risque en sécurité de l'information. As you can probably guess, I've got opinions. And since we're both here (me writing, you reading) why don't I let you know what those are? I have a few disagreements...
 
 
 
 
 
Moving Towards A Mature Security Organization Using A Measured Approach to Risk Management

2008-12-22 18:09:29 by Alex in RiskAnalys.is
 
...Information Risk Management, and how, if you had a significant portion of your budget allocated to buying more PCI, you were doing it wrong. My premise was that you should be investing in those things that lead to maturity in your IRM Program, and that you could count me among the many that believe that ideally PCI compliance is the result...
 
 
 
 
 
 