Tag: Risk Assessment

  • A word to Teva on firing employees and assuring data security

    "To be able to do something before it exists, sense before it becomes active, and see before it sprouts." The Book of Balance and Harmony (Chung-ho chi), a medieval Taoist book. In early December 2017, the Israeli pharmaceutical generics company Teva announced it would lay off about 1,700 of its employees in Israel, who make up […]

  • Tahrir square – the high-tech version

    From Wired: The revolt that started a year ago today in Egypt was spread by Twitter and YouTube, or so the popular conception goes. But a group of Navy-backed researchers has a more controversial thesis: Egyptians were infected by the idea of overthrowing their dictator. Using epidemiological modeling to chart the discussions and their trajectory online is an interesting idea, I don’t […]

  • Security and the theory of constraints

    Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember TOC (Theory of Constraints, invented by Dr. Eli Goldratt about 40 years ago), there is only 1 key constraint that limits system (or company) performance to achieve its goal. So – what […]

  • Risk analysis of legacy systems

    A practical, proven methodology for practical risk assessment and security breach risk reduction in enterprise software systems.

  • Business context for ISO 27001

    ISO 27001 is increasingly popular because of compliance regulation and the growing need to reduce the operational risk of information security. What ISO 27001 is missing though, is the business context – the ability for an SME to determine the cheapest and most effective security countermeasures and their order of implementation.  Since ISO 27001 certification requires compliance […]

  • How to assess risk – Part I: Asking the right questions

    It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process, a) don’t really understand the notion of risk and b) don’t really care.  Let’s face it – risk is difficult to understand, since it […]

  • Are you still using Excel for risk assessment?

    There is a school of thought that says that you can take any complex problem and break it down like Swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be swiss-cheesed. A collection of brittle, unwieldy, two-dimensional worksheets is a really bad way of doing multi-dimensional […]

  • Cutting through the marketing b/s of security products

    I think FUD is not going to cut it anymore. There is currently no standard, vendor-neutral methodology to quantify information security risk and justify technology purchases. Maybe during the GFC as budgets dwindle down and threats ratchet up – security analysts will finally get some real work done. In order for a company to decide […]