Our Blog Got High Ratings!
Tooting our own horn on Monday morning, the excellent Thinking Problem Management blog gave us their coveted 5 pineapple rating
In your face, RISKS Digest
RiskAnalys.is
 |  |
 |  |
 |  |
 |
Showing 1-10 of 46 records
| |
| |
| |
|
Why Risk Management Doesnt Work (?!)
...information. As it relates to the Dark Reading piece, a coarse summary would be that likelihood is different for different people and so you cant use the same likelihood across different industries
Distilled through the lens of FAIR
different threat communities may be applicable based on Probability of Action factors which include: Value,...
| |
| |
| |
|
Around The Web For Friday
...security control to prevent an exploit. Not only that, but even when it is difficult to collect data on what didnt happen, one can devise experiments to tell how frequently that nothing occurred
Good analysis is all about the uncertainty. Speaking of accounting for uncertainty
Assets Good Until Reached For by Gunnar Peterson
If you have a...
| |
| |
| |
|
One Mans Frustrations With Risk Management
...information for your risk management methodology is a vulnerability scanner - youre doing it wrong . Chris writes
So we ran a scan and now we have a report. A snapshot in time to make all decisions. Where did these vulnerability ratings come from? Do I even know if my system is at risk? What if I spend my time on vulnerabilities that have no...
| |
| |
| |
|
So Logically, If She Weighs The Same As A DuckShes A Witch!
...Information Security should be only qualitative
Now Ive been accused of being a quant in the past (hi rybolov!) but in reality the only dogs I have in this fight are the model and the application of scientific method - and really, ethically speaking, I have to be tied to the latter while applying the former
And I see a false dichotomy in this...
| |
| |
| |
|
Hansei and the CISO
...security management. Today is a good day to talk about what should we be reflecting about , and what is needed for reflection
I say today is a good day for two reasons: 1.) BTs CSO Jill Knesek wrote an article called Keys to establishing an end-to-end security strategy which begs some discussion within context, and 2.) Sara Peters on Twitter...
| |
| |
| |
|
Best, Good, Standard Practices
Its like Scott knew it was my birthday and wrote a special comic just for me
| |
| |
| |
|
Risk and CVSS
Chris Hayes is taking me to town in terms of risk content with his last two posts on Risk & CVSS . I told you his blog was going to be a good one
| |
| |
| |
|
Gemba & The Journey
...information for use in analysis. For risk we have to also journey back to the production line, or, in our case, to the application/LOB owner. It may also be to corporate counsel, to marketing, to all sorts of other places in the enterprise because probable losses (a necessary measurement we need in order to understand risk) may come from many...
| |
| |
| |
|
Relentless Reflection - What it Means in Risk Management
...information security where significant visibility and insight about the environment is needed for complete information (get bullish on Log Management is my recommendation
HANSEI STEPS ADAPTED TO INFORMATION SECURITY
This is one of those quality control concepts that we can mangle adopt. At Toyota, Hansei-Kaizen includes the following basic...