Thinking about Cloud Security & Vulnerability Research: Three True Outcomes

by alex on June 28, 2010

When opining on security in “the cloud” we, as an industry, speak very much in terms of real and imagined threat actions. And that’s a good thing: trying to anticipate security issues is a natural, prudent task. In Lori McVittie’s (…)

RiskIT – Does ISACA Suffer From Dunning-Kruger?

by alex on June 25, 2010

Just to pile on a bit…. You ever hear someone say something, and all of the sudden you realize that you’ve been trying to say exactly that, in exactly that manner, but hadn’t been so succinct or elegant at it? (…)

CRISC? C-Whatever

by Chandler on June 24, 2010

Alex’s posts on CRISC are, according to Google, more authoritative than the CRISC site itself. Not that it matters. CRISC is proving itself irrelevant by failing to make anyone care. By way of comparison, I googled a (…)


by alex on June 24, 2010

PREFACE: You might interpret this blog post as being negative about risk management here, dear readers. Don’t. This isn’t a diatribe against IRM, only why “certification” around information risk is a really, really silly idea. Apparently, my blog about why (…)

Bleh, Disclosure

by alex on June 22, 2010

Lurene Grenier has a post up on the Google/Microsoft vulnerability disclosure topic. I commented on the SourceFire blog (couldn’t get the reminder from Zdnet about my password, and frankly I’m kind of surprised I already had an account – so (…)

Measuring The Speed of Light Using Your Microwave

by alex on June 21, 2010

Using a dish full of marshmallows. We’re doing this with my oldest kids, and while I was reading up on it, I had to laugh out loud at the following: …now you have what you need to measure the speed (…)

Alex on Science and Risk Management

by adam on June 17, 2010

Alex Hutton has an excellent post on his work blog: Jim Tiller of British Telecom has published a blog post called “Risk Appetite, Counting Security Calories Won’t Help”. I’d like to discuss Jim’s blog post because I think it shows (…)

Breach Laws & Norms in the UK & Ireland

by adam on June 14, 2010

Ireland has proposed a new Data Breach Code of Practice, and Brian Honan provides useful analysis: The proposed code strives to reach a balance whereby organisations that have taken appropriate measures to protect sensitive data, e.g. encryption etc., need not (…)

Excellent Post On Maturity Scale for Log Management

by alex on June 8, 2010

Raffael Marty’s great post on how to measure the maturity level for your log management program. Excellent as always.


by adam on June 3, 2010

Andrew and I want to say thank you to Dave Marsh. His review of our book includes this: I’d have to say that the first few pages of this book had more of an impact on me than the sum (…)
