Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

BlogInfoSec.com Spotlight

Eureka! Professor Does FST (Functional Security Testing)

I have been harping on the need to perform what I call “functional security testing,” or FST, which is my term for testing systems to ensure that they don’t do functionally that which they are not supposed to do. This is as opposed to the more common “nonfunctional security testing,” with which we are all familiar, [...]

Latest Article

Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2

In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined; indeed, even the units of measurement for these variables are usually undefined. Second, the equation may actually [...]

Featured Articles

Why the “Risk = Threats x Vulnerabilities x Impact” Formula is Mathematical Nonsense

(Jeff Lowder) Every now and then I will find a security practitioner presenting the following formula when discussing information security risk analysis (ISRA). Risks = Threats x [...]

Decision Theory is the Foundation for Information Security Risk Management

(Jeff Lowder) Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information [...]

H1N1 Threat Overblown? Information Security Relevance? A Logic Proof

(Kenneth F. Belva) “H1N1 was totally overblown. Nothing really terrible happened. No one suffered a pandemic and the resulting deaths were less in number than the deaths from the regular [...]

Network Solutions “Hacked Account” Demonstrates Incompetence

(Kenneth F. Belva) When in doubt, claim the account was hacked. That appears to be the reasoning of a Network Solutions Technical Support Representative. Normally I do not write about other [...]

US Drones Hack: It’s The Same Old Story

(Kenneth F. Belva) CNN reports that Iraqi insurgents were able to hack and view live feeds from US Spy Drones. The vulnerability was a non-technical one. The article summarized the issue as [...]

DHS Security Control May Improve Airport Economy

(Kenneth F. Belva) It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when [...]

Video: Hard Drives – Watch Them Shred

(Kenneth F. Belva) While it’s the dream of almost every information security department to send their hard drives off to the shredder to destroy sensitive data, few of us have actually [...]