Cisco’s Artichoke of Attack

by alex on July 23, 2010

Cisco has their security report up – find it here.  My favorite part?  “The Artichoke of Attack”

Society of Information Risk Analysts Webex/Meeting Tomorrow

by alex on July 14, 2010

Hey, just so you all know, SOIRA is having our lunch (or breakfast) Al-Desko Webex.  This month we have the pleasure of watching Chris Hayes show how to use quantitative risk analysis for real, pragmatic business purposes.  It’s going to (…)


Survey Results

by alex on July 13, 2010

First, thanks to everyone who took the unscientific, perhaps poorly worded survey. I appreciate you taking time to help out.  I especially appreciate the feedback from the person who took the time to write in: “Learn the proper definition of (…)


Risk -> Operational Security Survey

by alex on July 12, 2010

Hi, I’m very interested right now in finding the quality of risk analysis as it relates to operational security. If you’re a risk analyst, a security executive, or operational security analyst, would you mind taking a one question survey? It’s (…)


War’s Common Goal, What Remains Are Only The Values of Culture

by alex on July 8, 2010

Adapted from the t-shirt seen in the Anton Corbijn work here. With all apologies to both Paul Morley and Katharine Hamnett. And that’s about all I have to say on the subject.

GAO report on the state of Federal Cyber Security R&D

by Russell on July 7, 2010

This GAO Report is a good overall summary of the state of Federal cyber security R&D and why it’s not getting more traction. Their recommendations (p22) aren’t earth-shaking: “…we are recommending that the Director of the Office of Science and (…)


ISACA CRISC – A Faith-Based Initiative? Or, I Didn’t Expect The Spanish Inquisition

by alex on July 2, 2010

In comments to my “Why I Don’t Like CRISC” article, Oliver writes: CobIT allows to segregate what is called IT in analysable parts.  Different Risk models apply to those parts. e.g. Information Security, Architecture, Project management. In certain areas the (…)
