-
Recent Comments
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
- john doe on An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionls (pt. 1)
- Adam Shostack on PCI DSS Position on Patching May Be Unjustified
- Jens Laundrup on PCI DSS Position on Patching May Be Unjustified
- Kris on Medical Identity Theft: Your Money or Your Life
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Category Archives: Risk Analysis
PCI DSS Position on Patching May Be Unjustified
June 27, 2008 – 6:00 am
–
Verizon Business recently posted an excellent article on their blog about security patching. As someone who just read The New School of Information Security (an important book that all information security professionals should read), I thought it was refreshing to see someone take an…
Assessing your Organization’s Network Perimeter (pt. 2)
June 16, 2008 – 6:00 am
–
Welcome once again to the risk rack. This time on the risk rack we will be continuing our review of how to assess your organization’s network perimeter. As a reminder the identified steps were:
Step 1: Define the functions and purposes of your network perimeter.
Step 2: Assess the technology…
Agility and Risk Compensation: Exploring the Connection
June 9, 2008 – 6:00 am
–
In my previous and inaugural column, I introduced the concept of a tradeoff between information security and agility, where agility was defined as “the capability to change with managed cost and speed.” Information security doesn’t necessarily have to be at odds with agility, but…
Assessing your Organization’s Network Perimeter (pt. 1)
June 2, 2008 – 6:00 am
–
Welcome once again to the risk rack. This time on the risk rack we will be reviewing how to assess your organization’s network perimeter. The assessment of a network perimeter has six major steps:
Define the functions and purposes of your network perimeter.
Assess the technology used along…
Risk Assessment Gone Awry: The Costly, and Unpleasant, Consequences of Good Intentions
May 21, 2008 – 6:00 am
–
We are all well aware that information security controls should be “risk-based.” Innumerable email messages received from vendors stress this apparent truth, and conference speakers are forever reminding us that risk assessment must serve as the foundation of an effective—and…
Loading ...


