Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: Risk Analysis

Supply Chains Mean (Cyber) War

– Author’s note: Since this column was originally written, another “scandal” broke around the use by third-party suppliers of North Korean gold, affecting such companies as Hewlett-Packard Co. and IBM, as described by Joel Schectman in the Risk & Compliance Journal section of The Wall…

Heartbleed Lessons – FST and Lab Certification

– There has been much written following the “discovery” of the Heartbleed bug that plagues OpenSSL … some informative, some constructive, some neither. Perhaps the most useful article to date is one published on April 18, 2014, which was written by Nicole Perlroth of The New York Times…

Run More Risk Models Faster? … Maybe

– Jim Goodnight, the co-founder and CEO of the SAS Institute has suggested (see Penny Crosman’s March 28, 2013 article “The Trouble with Banks’ Risk Models: Q&A with the Chief of SAS,” at…

Risk and Human Frailty

– My September 12, 2011 BlogInfoSec column “Risk Management – Scoring vs. Monte Carlo vs. Scoring” was about the subjectivity of risk assessments, where the term “subjectivity” was defined as one’s personal view of particular risks. I received some considerable push-back from the likes…

Are Perceptions About Cloud Security and Availability Overblown … and Wrong?

– It appears that the greatest hindrance for organizations to move their applications and data into the cloud is concern about security and availability. While it is arguable whether or not security and privacy risks and system failure rates and durations are greater overall for cloud-based…