Thinking about Cloud Security & Vulnerability Research: Three True Outcomes
by alex on June 28, 2010
When opining on security in “the cloud” we, as an industry, speak very much in terms of real and imagined threat actions. And that’s a good thing: trying to anticipate security issues is a natural, prudent task. In Lori MacVittie’s (…)
RiskIT – Does ISACA Suffer From Dunning-Kruger?
by alex on June 25, 2010
Just to pile on a bit…. You ever hear someone say something, and all of a sudden you realize that you’ve been trying to say exactly that, in exactly that manner, but hadn’t been so succinct or elegant at it? (…)
CRISC? C-Whatever
by Chandler on June 24, 2010
Alex’s posts on CRISC are, according to Google, more authoritative than the CRISC site itself: Not that it matters. CRISC is proving itself irrelevant by failing to make anyone care. By way of comparison, I googled a (…)
CRISC -O
by alex on June 24, 2010
PREFACE: You might interpret this blog post as being negative about risk management here, dear readers. Don’t. This isn’t a diatribe against IRM, only why “certification” around information risk is a really, really silly idea. Apparently, my blog about why (…)
Bleh, Disclosure
by alex on June 22, 2010
Lurene Grenier has a post up on the Google/Microsoft vulnerability disclosure topic. I commented on the Sourcefire blog (couldn’t get the reminder from ZDNet about my password, and frankly I’m kind of surprised I already had an account – so (…)
Measuring The Speed of Light Using Your Microwave
by alex on June 21, 2010
Using a dish full of marshmallows. We’re doing this with my oldest kids, and while I was reading up on it, I had to laugh out loud at the following: …now you have what you need to measure the speed (…)
Alex on Science and Risk Management
by adam on June 17, 2010
Alex Hutton has an excellent post on his work blog: Jim Tiller of British Telecom has published a blog post called “Risk Appetite, Counting Security Calories Won’t Help”. I’d like to discuss Jim’s blog post because I think it shows (…)
Breach Laws & Norms in the UK & Ireland
by adam on June 14, 2010
Ireland has proposed a new Data Breach Code of Practice, and Brian Honan provides useful analysis: The proposed code strives to reach a balance whereby organisations that have taken appropriate measures to protect sensitive data, e.g. encryption etc., need not (…)
Excellent Post On Maturity Scale for Log Management
by alex on June 8, 2010
http://raffy.ch/blog/2010/06/07/maturity-scale-for-log-management-and-analysis/ Raffael Marty’s great post on how to measure the maturity level for your log management program. Excellent as always.
Thanks!
by adam on June 3, 2010
Andrew and I want to say thank you to Dave Marsh. His review of our book includes this: I’d have to say that the first few pages of this book had more of an impact on me than the sum (…)