SEARCH RESULTS
 
Showing 1-10 of 18 records
 
Expand article

Communicating about risk - part 1

The Article has images
2008-05-05 18:12:14 by JonesJ in RiskAnalys.is
...magnitude is significant When these conditions exist, the low loss event frequency is driven solely by the low threat event frequency. In other words, were not actively managing loss event frequency; were just trusting to luck. If threat event frequency changes (or an event occurs at all), then significant impact will likely occur. An example...
 
Tags: risk, effective, cost-effective risk management, fragile condition exists, condition, unstable condition, risk qualifiers, risk condition, risk chart perspective
 
 
 
 
Expand article

What Are You Managing Towards? (And On Disproving Risk Management)

The Article has images
2008-06-03 14:41:11 by Alex in RiskAnalys.is
...magnitude of loss on an aggregate level, not just within the context of a discreet technical or policy issue That last point is important. And its related to my post today WHAT DO YOU MANAGE TOWARDS This blog is blessed to have some very smart people be part of it. There are security managers from all sorts of industries that read and comment...
 
Tags: management, risk management, term risk management, management focuses, management approach, risk management process, patch management, cost management, upper management
 
 
 
 
Expand article

An improved clock-skew measurement technique for revealing hidden services

The Article has images
2008-06-26 05:12:21 by Steven J. Murdoch in Light Blue Touchpaper
...magnitude above the TCP timestamp case, making the approach I used in the paper effectively infeasible While visiting Cambridge in summer 2007, Sebastian Zander developed an improved clock skew measurement technique which would dramatically reduce the noise of clock-skew measurements from low-frequency clocks. The basic idea, shown below, is...
 
Tags: clock-skew measurement technique, clock, clock-skew, clock transition, clock source, clock skew, magnitude lower noise, tcp, tcp timestamps
 
 
 
 
Expand article

(Not Really) Stateful IT-GRC Inspecting Threat Management At Gigabit Speeds

2008-07-22 14:41:00 by Alex in RiskAnalys.is
 
...magnitude of future loss Then managing the risk inherent in PCI DSS compliance could mean 1.) The expected frequency of being out of compliance and how much that will cost us Because lets face it - being in or out of PCI compliance is still a subjective judgment. First, we have what our ever-qualified assessor says. But in the case of an...
 
Tags: pci risk management, risk management, pci dss, pci dss compliance, risk, risk inherent, management, pci, pci concerns
 
 
 
 
Expand article

What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai
 
...magnitude easier. SHA1 protects the hash against brute force attacks. It does nothing to protect a user who chooses a poor password A system is only as strong as its weakest link Eric Marvets
 
Tags: sha1, choose sha1, sha1 protects, hash data, data, sha1 drops, hash function, hash, function
 
 
 
 
Expand article

Creating and Entrapping Terrorists

2008-03-05 06:25:43 by schneier in Schneier on Security
 
...magnitude of the alleged attack on JFK -- until he received the help of a federal informant known only as "Source," a convicted drug dealer who was cooperating with federal agents to get his sentence reduced. Backed by the JTTF, Defreitas suddenly obtained the means to travel to the Caribbean, conduct Google Earth searches of JFK's grounds...
 
Tags: terrorist, modern terrorist, hossain, terrorist conspiracies, deal hossain claims, yassin aref, aref, terrorist plot, stop federal agents
 
 
 
 
Expand article

NSA's Domestic Spying

2008-03-26 06:02:18 by schneier in Schneier on Security
 
...magnitude along with the rivers of data that are collected about each of us -- and that's more and more every day More commentary
 
Tags: nsa, data haul, haul, information, transactional information, data, nsa receives, mass data, terrorism information awareness
 
 
 
 
Expand article

Mike Rothman - The 419

The Article has images
2008-02-08 06:31:00 by Mike Rothman in Security Mike's Blog
...magnitude, I think the most important thing is for us to build a strong association between each other so that I can be able to trust you because I have been betrayed by so many people even by my co workers that I have now decided to play my cards very close to my chest. I will like this deal to be secret and confidential. No third party....
 
Tags: capital investment funds, capital investment, funds, capital, magellan capital funds, direct capital funds, investment, stockmarket investment, scottish investment staff
 
 
 
 
Expand article

Seat Belt Usage and Compensating Behavior

2008-04-11 13:44:59 by schneier in Schneier on Security
 
...magnitude of this effect, however, is significantly smaller than the estimate used by the National Highway Traffic Safety Administration. In addition, we do not find significant support for the compensating-behavior theory, which suggests that seat belt use also has an indirect adverse effect on fatalities by encouraging careless driving....
 
Tags: seat belt, seat belt usage, laws, seat belt laws, fatalities, traffic fatalities, inherent risk thermostat, risk, indirect adverse effect
 
 
 
 
Expand article

Communicating about risk - part 2

The Article has images
2008-05-20 16:22:24 by JonesJ in RiskAnalys.is
...Magnitude scales will vary based on the risk capacity/tolerance of the organization These can be useful, but a few challenges Ive encountered with this approach include If the risk point falls barely on one side of the line or the other, do the lines really serve a useful purpose, at least from the perspective of being able to assign a...
 
Tags: risk, managements risk tolerance, enterprise risk tolerance, risk tolerance, likelihood, risk analysis, likelihood connotes, lines, likelihood statement refer