Cisco’s Artichoke of Attack
Cisco has their security report up – find it here. My favorite part? “The Artichoke of Attack”
Hey, just so you all know, SOIRA is having our lunch (or breakfast) Al-Desko Webex. This month we have the pleasure of watching Chris Hayes show how to use quantitative risk analysis for real, pragmatic business purposes. It’s going to be seriously useful. Join SOIRA here: http://groups.google.com/group/InfoRiskSociety?hl=en for the invite.
First, thanks to everyone who took the unscientific, perhaps poorly worded survey. I appreciate you taking time to help out. I especially appreciate the feedback from the person who took the time to write in: “Learn the proper definition of “Control Systems” as in, Distributed Control Systems or Industrial Control systems. These are the places [...]
Hi, I’m very interested right now in finding the quality of risk analysis as it relates to operational security. If you’re a risk analyst, a security executive, or an operational security analyst, would you mind taking a one question survey? It’s on SurveyMonkey, here: http://www.surveymonkey.com/s/GCSXZ2Q
Adapted from the t-shirt seen in the Anton Corbijn work here. With all apologies to both Paul Morley and Katharine Hamnett. And that’s about all I have to say on the subject.
This GAO Report is a good overall summary of the state of Federal cyber security R&D and why it’s not getting more traction. Their recommendations (p22) aren’t earth-shaking: “…we are recommending that the Director of the Office of Science and Technology Policy, in conjunction with the national Cybersecurity Coordinator, direct the Subcommittee on Networking and [...]
In comments to my “Why I Don’t Like CRISC” article, Oliver writes: CobIT allows to segregate what is called IT in analysable parts. Different Risk models apply to those parts. e.g. Information Security, Architecture, Project management. In certain areas the risk models are more mature (Infosec / Project Management) and in certain they are not [...]