Cisco’s Artichoke of Attack
by alex on July 23, 2010
Cisco has their security report up – find it here. My favorite part? “The Artichoke of Attack”
Society of Information Risk Analysts Webex/Meeting Tomorrow
by alex on July 14, 2010
Hey, just so you all know, SOIRA is having our lunch (or breakfast) Al-Desko Webex. This month we have the pleasure of watching Chris Hayes show how to use quantitative risk analysis for real, pragmatic business purposes. It’s going to (…)
Survey Results
by alex on July 13, 2010
First, thanks to everyone who took the unscientific, perhaps poorly worded survey. I appreciate you taking time to help out. I especially appreciate the feedback from the person who took the time to write in: “Learn the proper definition of (…)
Risk -> Operational Security Survey
by alex on July 12, 2010
Hi, I’m very interested right now in finding the quality of risk analysis as it relates to operational security. If you’re a risk analyst, a security executive, or operational security analyst, would you mind taking a one question survey? It’s (…)
War’s Common Goal, What Remains Are Only The Values of Culture
by alex on July 8, 2010
Adapted from the t-shirt seen in the Anton Corbijn work here. With all apologies to both Paul Morley and Katharine Hamnett. And that’s about all I have to say on the subject.
GAO report on the state of Federal Cyber Security R&D
by Russell on July 7, 2010
This GAO Report is a good overall summary of the state of Federal cyber security R&D and why it’s not getting more traction. Their recommendations (p22) aren’t earth-shaking: “…we are recommending that the Director of the Office of Science and (…)
ISACA CRISC – A Faith-Based Initiative? Or, I Didn’t Expect The Spanish Inquisition
by alex on July 2, 2010
In comments to my “Why I Don’t Like CRISC” article, Oliver writes: CobIT allows to segregate what is called IT in analysable parts. Different Risk models apply to those parts. e.g. Information Security, Architecture, Project management. In certain areas the (…)