Operational risk management has been the buzz word du-jour in recent years, due to the Basel II initiative in the banking industry and Solvency II in the insurance industry. The Basel II definition of operational risk is “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.” …
Read more »In a previous post Sharing security information I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc.. The …
Read more »I think FUD is not going to cut it anymore. There is currently no standard, vendor-neutral methodology tp quantify information security risk and justify technology purchases. Maybe during the GFC as budgets dwindle down and threats ratchet up – security analysts will finally get some real work done. In order for a company to decide …
Read more »Kudos to ANSI for publishing a free guide to calculating cyber risk. Better late than never – thousands of security professionals in the world use the Microsoft Threat Modeling Tool and the popular free threat modeling software PTA, to calculate risk in financial terms – not to mention the thousands of other users of risk …
Read more »