RiskAnalys.is
 

Our Blog Got High Ratings!

2008-10-13 15:02:40 by Alex in RiskAnalys.is
Tooting our own horn on Monday morning, the excellent Thinking Problem Management blog gave us their coveted 5 pineapple rating. In your face, RISKS Digest.
 
 
 
 
 

Why Risk Management Doesn't Work (?!)

2008-10-08 17:15:14 by Alex in RiskAnalys.is
 
...information. As it relates to the Dark Reading piece, a coarse summary would be that likelihood is different for different people and so you can't use the same likelihood across different industries. Distilled through the lens of FAIR, different threat communities may be applicable based on Probability of Action factors which include: Value,...
 
 
 
 
 

Around The Web For Friday

2008-09-26 12:56:15 by Alex in RiskAnalys.is
 
...security control to prevent an exploit. Not only that, but even when it is difficult to collect data on what didn't happen, one can devise experiments to tell how frequently that nothing occurred. Good analysis is all about the uncertainty. Speaking of accounting for uncertainty: Assets Good Until Reached For by Gunnar Peterson. If you have a...
 
 
 
 
 

One Man's Frustrations With Risk Management

2008-09-23 18:05:20 by Alex in RiskAnalys.is
 
...information for your risk management methodology is a vulnerability scanner - you're doing it wrong. Chris writes: So we ran a scan and now we have a report. A snapshot in time to make all decisions. Where did these vulnerability ratings come from? Do I even know if my system is at risk? What if I spend my time on vulnerabilities that have no...
 
 
 
 
 

So Logically, If She Weighs The Same As A Duck, She's A Witch!

2008-09-18 14:59:47 by Alex in RiskAnalys.is
...Information Security should be only qualitative. Now I've been accused of being a quant in the past (hi rybolov!) but in reality the only dogs I have in this fight are the model and the application of scientific method - and really, ethically speaking, I have to be tied to the latter while applying the former. And I see a false dichotomy in this...
 
 
 
 
 

Hansei and the CISO

2008-09-16 17:47:47 by Alex in RiskAnalys.is
...security management. Today is a good day to talk about what should we be reflecting about, and what is needed for reflection. I say today is a good day for two reasons: 1.) BT's CSO Jill Knesek wrote an article called "Keys to establishing an end-to-end security strategy" which begs some discussion within context, and 2.) Sara Peters on Twitter...
 
 
 
 
 

Best, Good, Standard Practices

2008-09-03 11:52:13 by Alex in RiskAnalys.is
It's like Scott knew it was my birthday and wrote a special comic just for me.
 
 
 
 
 

Risk and CVSS

2008-09-02 17:33:24 by Alex in RiskAnalys.is
 
Chris Hayes is taking me to town in terms of risk content with his last two posts on Risk & CVSS. I told you his blog was going to be a good one.
 
 
 
 
 

Gemba & The Journey

2008-08-28 17:27:40 by Alex in RiskAnalys.is
 
...information for use in analysis. For risk we have to also journey back to the production line, or, in our case, to the application/LOB owner. It may also be to corporate counsel, to marketing, to all sorts of other places in the enterprise because probable losses (a necessary measurement we need in order to understand risk) may come from many...
 
 
 
 
 

Relentless Reflection - What it Means in Risk Management

2008-08-26 17:55:40 by Alex in RiskAnalys.is
 
...information security where significant visibility and insight about the environment is needed for complete information (get bullish on Log Management is my recommendation). HANSEI STEPS ADAPTED TO INFORMATION SECURITY: This is one of those quality control concepts that we can mangle adopt. At Toyota, Hansei-Kaizen includes the following basic...