From Wired: The revolt that started a year ago today in Egypt was spread by Twitter and YouTube, or so the popular conception goes. But a group of Navy-backed researchers has a more controversial thesis: Egyptians were infected by the idea of overthrowing their dictator. Using epidemiological modeling to chart the discussions and their trajectory online is an interesting idea, I don’t …
Read more »

Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember TOC (Theory of Constraints, invented by Dr. Eli Goldratt about 40 years ago), there is only 1 key constraint that limits system (or company) performance in achieving its goal. So – what …
Read more »

If you’re an information security and compliance analyst, we have an offer that cannot be beat. Get PTA (Practical Threat Analysis) Professional software from our colleagues at Practical Threat Analysis Technologies totally free for one year. After the year is up, just drop them an email, and you’ll get a free license renewal. When you …
Read more »

A practical, proven methodology for risk assessment and security breach risk reduction in enterprise software systems. Click here to download the article
Read more »

ISO 27001 is increasingly popular because of compliance regulation and the growing need to reduce the operational risk of information security. What ISO 27001 is missing, though, is the business context – the ability for an SME to determine the cheapest and most effective security countermeasures and their order of implementation. Since ISO 27001 certification requires compliance …
Read more »

It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it …
Read more »

There is a school of thought that says that you can take any complex problem and break it down like Swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be Swiss-cheesed. A collection of brittle, unwieldy, two-dimensional worksheets is a really bad way of doing multi-dimensional …
Read more »

I think FUD is not going to cut it anymore. There is currently no standard, vendor-neutral methodology to quantify information security risk and justify technology purchases. Maybe during the GFC, as budgets dwindle down and threats ratchet up, security analysts will finally get some real work done. In order for a company to decide …
Read more »

The VCs all around are saying we’re headed into a nuclear winter. What kind of risk are you creating when you fire the IT security officer? When a company decides to fire a big piece of its workforce, it’s to reduce costs in anticipation of reduced revenues. Risk management and IT governance run …
Read more »