SEARCH RESULTS
 
Showing 1-10 of 117 records
 
Expand article

Check It Out! FAIR Public Training December 10-12

2008-11-05 15:32:53 by Alex in RiskAnalys.is
 
...FAIR analysis. These are benefits weve only previously reserved for private client workshops I know that FAIR can help you and your organization, but as the sales guys always say, dont take my word for it. Heres something we recently received (unsolicited) from the CSO of one of the 10 largest banks in the US, who has had several of his...
 
Tags: risk management, risk management processes, risk, qualitative risk, risk analysis, fair, public, manage risk, quantitative fair analysis
 
 
 
 
Expand article

Fun From FAIR Training

The Article has images
2008-12-12 18:26:59 by Alex in RiskAnalys.is
...FAIR. FAIR is notoriously applicable, and so we often get some fun analysis. Heres a sample of what we did Risk to average OS X using SMB owner of an OS X virus (hint: think low Sending PII via spreadsheets unencrypted to 3rd party vendors (SS#s to Payroll services Removing the firewall in front of web apps (How Jericho of us Losing a laptop...
 
Tags: risk, fair, risk management approaches, access core assets, 3rd party vendors, power outages, issue management, notoriously applicable, smb owner
 
 
 
 
Expand article

Whats driving the MSSP craze - critical, but non-core functions are fair game for outsourcing

2008-06-13 03:29:37 by HASH0x8bb419c in StillSecure, After All These Years
 
...fair share of the resources in order to do the job. In any event, I think outsourcing security is not just a fad and is here to stay. It will continue to grow in the years to come Just a couple of other things though. Finance is an exception here. Security is a core function in finance, as the security of your money and information is core...
 
Tags: critical, non-core, core, critical activities, non-core activities, activities, security, mssp, outsource core
 
 
 
 
Expand article

UPDATES GALORE! or, THE PRONOUN WE MEANS YOU AND ME!

2008-08-13 15:24:17 by Alex in RiskAnalys.is
 
...FAIR and the movement towards a formal, open standard. Theres a couple of cool things going on in our little risk-world First, The Open Group Security Forum continues to move towards a formal adoption of FAIR WHAT DO YOU MEAN WE - YOU GOT A STANDARDS BODY IN YOUR POCKET OR SOMETHING Our meeting in Chicago a few weeks ago was great, but also...
 
Tags: risk, risk assessment methodologies, security forum, forum, magic-fairy risk, risk standards, fair, risk-world, fair similarly helps
 
 
 
 
Expand article

Risk Management and Analysis Standards Update

2008-06-17 16:51:27 by Alex in RiskAnalys.is
 
...FAIR and Risk Management, and RMI has a new website CISCO WEBINAR UPDATE First, Jacks Webinar with Cisco is Thursday . If you were lucky enough to get a slot, be sure to catch it. If you didnt get a slot but would like to still go, let me know (info at riskmanagementinsightdotcom - subject Webinar RISK MANAGEMENT STANDARDS AND FAIR Second,...
 
Tags: risk management, risk management departments, risk management effort, standards, risk, risk management efforts, risk management issues, security standards, risk management standards
 
 
 
 
Expand article

What Are You Managing Towards? (And On Disproving Risk Management)

The Article has images
2008-06-03 14:41:11 by Alex in RiskAnalys.is
...FAIR in his excellent article in the May 2008 ISSA Journal, Streamlining the Risk Management Process. Three quick things to anyone who has read it and is visiting our blog for the first time We dont believe that the goal of Quantitative Risk Analysis is to be precise. We believe the goal is to be accurate. Subtle but important difference FAIR...
 
Tags: management, risk management, term risk management, management focuses, management approach, risk management process, patch management, cost management, upper management
 
 
 
 
Expand article

The Economics of Finding and Fixing Vulnerabilities in Distributed Systems

2008-11-18 22:47:55 by Gunnar Peterson in 1 Raindrop
 
...fair price, but were also high quality businesses. We will examine high quality in Part 2 of this talk, but first we go to Part 1 which is asset value Why does a talk on finding and fixing vulnerabilities start with valuing assets? The reason is that vulnerabilities are everywhere, we are literally marinating in them. Interesting...
 
Tags: information security, information, information security spends, safety information security, versus information security, information security budgets, information security budget, software security, software security space
 
 
 
 
Expand article

Penetration Testing Not Dead, Probably Just Pining for the Fjord

The Article has embedded video
2008-12-08 15:07:27 by Alex in RiskAnalys.is
 
...fair, Brian does say Death doesnt mean it goes away, it means it transforms. Pen testing will be reborn in the area of production monitoring and measurement Now he doesnt tell me what he means by production monitoring and measurement, but Ill give you my thoughts on the subject HEY, HEY - MY, MY! METASPLOIT WILL NEVER DIE Me, Im very bullish...
 
Tags: threat, threat event frequency, successful threat event, risk, fair, fair risk analyst, risk executive, risk management, threat event
 
 
 
 
Expand article

DRM Scorecard Makes Me Wonder: The Media Industry and the TSA, Sadistic or Incompetent?

2007-08-02 08:19:00 by Eric Marvets in The Security Samurai
 
...Fair Use backups or sharing it on a P2P network Encryption is defined as the science and study of secret writing. What is it that the media industry is trying to keep secret? While we may want I Now Pronounce You Chuck and Larry and Whos Your Caddy to be some sort of secret internal referendum on the crap the entertainment industry regularly...
 
Tags: media industry, industry, media industry views, illogical behavior impedes, drm, behavior, drm scorecard, secret, secret internal referendum