Risk management | Software Associates.

Reducing risk of major data loss events

Posted in: Physical security, Risk Assessment, Risk management, Risk mitigation|Tags: Data retention, Homeland Security, Islamic Terror, nuc, Obama, Palestinian violence, Risk management|By: Danny Lieberman|June 18, 2009No Comments

Martin Hellman (of Diffie Hellman) fame maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons Hellman proposes that we need a third state scenario (instead current state – > nuclear war) where the risk of nuclear holocaust has been …

World Recession and Japan

Posted in: Risk management|Tags: Japan, Risk management|By: Danny Lieberman|January 16, 2009No Comments

Courtesy of my buddy Todd Walzer from iLand6 in Japan -This week the Nikkei reported that Japanese industry will cut IT spending 20-30% in 2009.Q3 2008 was the 2nd consecutive quarter the economy shrank, albeit by only 0.1%.The recession in Japan is less severe than in the West, for a few reasons:

Understanding culture reduces risk

Posted in: Privacy, Risk Assessment, Risk management, Risk mitigation|Tags: corporate culture, People Risk, Risk and strategy, Risk management|By: Danny Lieberman|January 5, 20093 Comments

It’s during the war on Hamas in Gaza and I got on a thread on a blog about why Islam is so violent. I explained that there are fundamental ideological differences between Islam and Judaism. For starters – Islam values land but not human life, Jews value human life and are willing to compromise on …

The death of risk assessment

Posted in: Compliance, Data leakage, Information security, Risk management|Tags: Blood diamonds, business threat modeling, data breach, Data loss, data security, Risk management, T.I.A.|By: Danny Lieberman|November 21, 200810 Comments

We saw the movie “Blood Diamonds” last night; the way some companies practice IT risk management reminds me of TIA – “This is Africa”. Joseph Granneman talks about some of the problems with conventional IT risk assessment on Searchsecurity.com Risk assessment, as currently practiced in information security, is dead. I’m not saying we need to …

Deciding how much Risk is Acceptable

Posted in: Data leakage, Information security, Risk Assessment, Risk management|Tags: Control Policy, ISO 27001, RIF, Risk and strategy, Risk Assessment, Risk management|By: Danny Lieberman|November 19, 20081 Comment

The VCs all around are saying we’re headed into a nuclear winter. What kind of risk are you creating when you fire the IT security officer? When a company decides to fire a big piece of it’s work force – it’s to reduce costs in anticipation of reduced revenues. Risk management and IT governance runs …

What risks really count for your business?

Posted in: Risk management, Threat modeling|Tags: Business alignment, business threat modeling, Data loss, DLP, Risk management, SME|By: Danny Lieberman|November 2, 2008No Comments

Is there a “black-box” security solution for the business? What risks really count for your business? No question is more important for implementing an effective program of security countermeasures. The management, IT and security practioners cannot expect to mitigate risk effectively without knowing the sources and cost of threats to the organization. We all depend …

Risk management – bringing brick and mortar security to IT

Posted in: Risk management|Tags: Business alignment, COBIT, COSO, Internal security, Physical security, Risk management|By: Danny Lieberman|October 30, 20081 Comment

I was talking with a prospect yesterday who is an information security manager; extremely professional and creative at what he does. In the course of the conversation, I realized that there are fundamental differences in mentality between IT and Security practitioners. Back when I wrote COBOL/CICS applications for Tadiran Information systems – some of our …

Archives