-
-
-
BlogInfoSec.com Sponsors
-
-
BlogInfoSec.com Partners
-
Category Archives: Risk Analysis
How to be a Software Engineer without Understanding Software
January 30, 2012 – 6:00 am
–
Imagine a world where the majority of people who claim to “do” software engineering do not know even basic concepts that are taught in computer science 101 classes, such as basic data structures and why they matter. A world in which most accountants didn’t know how to read a…
The Personalization of Risk
December 19, 2011 – 6:00 am
–
I realized when I received several comments regarding my September 12, 2011 column “Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring” from Doug Hubbard and others, that I hadn’t been clear enough in my description of what I had termed “subjective risk.” It also seems that…
The Security of Fools
November 21, 2011 – 6:00 am
–
No, I’m NOT saying that security professionals are fools … far from it. But many of the folks whom they serve may well be overconfident in their judgments about security. Overconfidence in the face of undisputable evidence to the contrary is described in Daniel Kahneman’s article “The…
SEC-urity’s Catch 22
November 7, 2011 – 6:00 am
–
On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views…
So-so SASO … So What?
September 26, 2011 – 6:00 am
–
A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…