Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: Human Elements

Confirmation of NSA IAM Deficiencies

– I read an article by Neil McAllister in The Register of August 30, 2013 confirming many of the suppositions that I made in my July 1, 2013 BlogInfoSec column “NSA: IAM … What IAM?” The article “NSA: NOBODY could stop Snowden—he was a SYSADMIN: Virtually unfettered access blew…

NSA: IAM … What IAM?

– Update: It has been several weeks since the Snowden leaks and, at time of writing, his every move, real and virtual, is being tracked by the media. While Snowden having access to top-secret information was mentioned briefly, as noted in this column, it wasn’t until weeks after the leaks (and…

Risk and Human Frailty

– My September 12, 2011 BlogInfoSec column “Risk Management – Scoring vs. Monte Carlo vs. Scoring” was about the subjectivity of risk assessments, where the term “subjectivity” was defined as one’s personal view of particular risks. I received some considerable push-back from the likes…

Security in the Dark

– I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three hours, say) are often not conveyed to…

Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring

– I finally got to read Douglas Hubbard’s book “The Failure of Risk Management: Why It’s Broken and How to Fix It” (Wiley, 2009). As I have written in other columns about Hubbard’s prior book “How to Measure Anything: Finding the Value of Intangibles in Business” (Wiley, 2007; Second…