Category Archives: Risk Analysis
Slashdot Post On Security Ethics Demonstrates Professional Naiveness
April 18, 2008 – 6:00 am
Over at Slashdot, an anonymous reader was quoted as follows (in entirety):
“I am a senior security xxx in a Fortune 300 company and I am very frustrated at what I see. I see our customers turn a blind eye to blatant security issues, in the name of the application or business requirements. I…
The Misleading Nature of Schneier’s Security Mindset
April 10, 2008 – 6:00 am
Recently Bruce Schneier wrote an essay on the Security Mindset. In it he wrote:
Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They…
Reviewing a SAS 70 report (and getting it right)
March 21, 2008 – 6:00 am
Welcome to the second “The Risk Rack” column. What I would like to talk to you about today are SAS 70 assessments: not the actual performance of the assessment, but the proper way to review a SAS 70 assessment to ensure your service provider has the appropriate controls in place to protect…
The core truth of risk
March 11, 2008 – 6:00 am
Welcome to the inaugural “The Risk Rack” column. Being the first column, I thought it would be a good idea to use it to start simply and slowly. First I wanted to note that this column is intended for information technology risk management professionals, information technology auditors,…
Metrics Revisited – Application Security Metrics