Posts Tagged “risk analysis”

ISACA CRISC – A Faith-Based Initiative? Or, I Didn’t Expect The Spanish Inquisition

by alex on July 2, 2010

In comments to my “Why I Don’t Like CRISC” article, Oliver writes: CobIT allows to segregate what is called IT in analysable parts. ¬†Different Risk models apply to those parts. e.g. Information Security, Architecture, Project management. In certain areas the (…)

Read the rest of this entry »

Measuring The Speed of Light Using Your Microwave

by alex on June 21, 2010

Using a dish full of marshmallows. ¬†We’re doing this with my oldest kids, and while I was reading up on it, I had to laugh out loud at the following: …now you have what you need to measure the speed (…)

Read the rest of this entry »

Can quantitative risk estimation serve as a guide for every-day policy decisions?

by Russell on December 5, 2009

A methodology is presented for guiding individual policy decisions from a risk management perspective, using a form of “abduction validation”. An example is presented using the case of password change policy, drawing from recent blog discussions.