CSO/CISO Perspectives | BlogInfoSec.com

Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Search

Category Archives: CSO/CISO Perspectives

Security in the Dark

December 6, 2011 – 6:00 am – I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three hours, say) are often not conveyed to…

By C. Warren Axelrod | Also posted in Compliance and Laws, Human Elements | Tagged breach, breach notification, incident reporting, incidents, spotlight | Comments (0)

The Security of Fools

November 21, 2011 – 6:00 am – No, I’m NOT saying that security professionals are fools … far from it. But many of the folks whom they serve may well be overconfident in their judgments about security. Overconfidence in the face of undisputable evidence to the contrary is described in Daniel Kahneman’s article “The…

By C. Warren Axelrod | Also posted in General, Risk Analysis | Tagged breaches, Daniel Kahneman, illusion of validity, overconfidence, risk, spotlight | Comments (0)

Will Cloud Security Drive You Insane?

October 17, 2011 – 6:00 am – First, the transparency … I have known Jim Reavis, co-founder of the Cloud Security Alliance (CSA), for a dozen years or so. He is a true visionary. He met with me before creating the CSA and asked me what I thought. I told him to go for it. He did and has had remarkable success [...] …

By C. Warren Axelrod | Also posted in General, InfoSec Economics | Tagged Availability, cloud computing, cloud security, Cloud Security Alliance, CSA, Jim Reavis, outsourcing, SMB, spotlight | Comments (0)

So-so SASO … So What?

September 26, 2011 – 6:00 am – A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…

By C. Warren Axelrod | Also posted in Risk Analysis, software engineering | Tagged application security, BITS, Chris Wysopal, Department of Homeland Security, FSTC, ISV, Mary Ann Davidson, SAI, SASO, SAST, software assurance, Software Assurance Initiative, spotlight, SwAMP, Veracode | Comments (0)

Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring

September 12, 2011 – 6:00 am – I finally got to read Douglas Hubbard’s book “The Failure of Risk Management: Why It’s Broken and How to Fix It” (Wiley, 2009). As I have written in other columns about Hubbard’s prior book “How to Measure Anything: Finding the Value of Intangibles in Business” (Wiley, 2007; Second…

By C. Warren Axelrod | Also posted in Human Elements, Risk Analysis | Tagged COBIT, Douglas Hubbard, FAIR, FRAP, Monte Carlo, NIST, OCTAVE, PMI, risk, risk assessment, risk managment, spotlight, Yoo Hoo | Comments (3)

BlogInfoSec.com

Search

Category Archives: CSO/CISO Perspectives

Security in the Dark

The Security of Fools

So-so SASO … So What?

Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring

BlogInfoSec.com Sponsors

BlogInfoSec.com Partners

Qualified Writer?

Subscribe to Our Newsletter:

Authors

Categories

Translations

Recent Comments