Threat Modeling Fails In Practice
Would be interested in readers thoughts on Ian G’s post here: https://financialcryptography.com/mt/archives/001357.html
Would be interested in readers thoughts on Ian G’s post here: https://financialcryptography.com/mt/archives/001357.html
I got an email from my friend John Johnson who is doing a survey about metrics. If you have some time, please respond… ———————————————————————————————————————————————— I am seeking feedback from others who may have experience developing and presenting security metrics to various stakeholders at their organization. I have a number of questions I’ve thought of, and [...]
Via Nathan Yau’s awesome Flowing Data blog.
Norm Marks of the famous Marks On Governance blog has posted his 2012 wishlist. His blog limits the characters you can leave in a reply, so I thought I’d post mine here. 1. Norm Wishes for “A globally-accepted organizational governance code, encompassing both risk management and internal control” Norm, if you mean encompassing both so [...]
From Keith Weinbaum, Director of Information Security of Quicken Loans Inc. https://www.quickenloanscareers.com/web/ApplyNow.aspx?ReqID=53545 From the job posting: WARNING: If you believe in implementing security only for the sake of security or only for the sake of checking a box, then this is not the job for you. ALSO, if your primary method of justifying security solutions [...]
from Biostatistics Ryan Gosling Including my favorite: Thanks to my friend Bob Rudis for the headsup.
In possibly the worst article on risk assessment I’ve seen in a while, David Lacey of Computerworld gives us the “Six Myth’s Of Risk Assessment.” This article is so patently bad, so heinously wrong, that it stuck in my caw enough to write this blog post. So let’s discuss why Mr. Lacey has no clue [...]
Ben Sapiro showed off his Binary Risk Assessment (BRA) at SecTor recently. While I didn’t see the presentation, I’ve taken some time and reviewed the slides and read through the documentation. I thought I’d quickly give my thoughts on this: It’s awesome and it sucks. IT’S AWESOME That’s not damning with faint praise, rather, it’s [...]
I’ve left Verizon. A lot of folks have come up to me and asked, so I thought I’d indulge in a rather self-important blog-post and explain something: It wasn’t about Verizon, but about the opportunity I’ve taken. Wade, Chris, Hylender, Marc, Joe, Dave, Dr. Tippett & all the rest – they were all really, really [...]
It’s occurring to me this morning that in terms of benefit/cost, purely in “damage to society” terms, the decision to put html in emails could be one of the worst ideas in the past 25 years. But that’s just me. Your thoughts on others in the comments?