Category Archives: Risk Analysis

A “Fluid and Pragmatic” Approach to Security

– It really is disheartening to read time after time about the inadequacies of the information security approaches upon which we so heavily depend. A brief interview of Moti Yung by Laura DiDio in the July 2014 issue of the Communications of the ACM is one such article. Dr. Yung is known for his…

Supply Chains Mean (Cyber) War

– Author’s note: Since this column was originally written, another “scandal” broke around the use by third-party suppliers of North Korean gold, affecting such companies as Hewlett-Packard Co. and IBM, as described by Joel Schectman in the Risk & Compliance Journal section of The Wall…

Heartbleed Lessons – FST and Lab Certification

– There has been much written following the “discovery” of the Heartbleed bug that plagues OpenSSL … some informative, some constructive, some neither. Perhaps the most useful article to date is one published on April 18, 2014, which was written by Nicole Perlroth of The New York Times…

Run More Risk Models Faster? … Maybe

– Jim Goodnight, the co-founder and CEO of the SAS Institute, has suggested (see Penny Crosman’s March 28, 2013 article “The Trouble with Banks’ Risk Models: Q&A with the Chief of SAS,” at…

Risk and Human Frailty

– My September 12, 2011 BlogInfoSec column “Risk Management – Scoring vs. Monte Carlo vs. Scoring” was about the subjectivity of risk assessments, where the term “subjectivity” was defined as one’s personal view of particular risks. I received some considerable push-back from the likes…