Tag Archives: featured
6 Theories of Probability and 6 Reasons Why They Matter to ISRA
September 7, 2010 – 6:00 am
While probably everyone would agree that information security risk analysis (ISRA) is shot through with appeals to probability, very few non-academic discussions of ISRA provide any sort of rigorous analysis of what “probability” means. (See Alberts and Dorofee 2003 for a notable…
Why the “Risk = Threats x Vulnerabilities x Impact” Formula is Mathematical Nonsense
August 23, 2010 – 6:00 am
Every now and then I will find a security practitioner presenting the following formula when discussing information security risk analysis (ISRA).
Risks = Threats x Vulnerabilities x Impact
In some versions of this formula, the word “Consequence” is sometimes substituted for…
Decision Theory is the Foundation for Information Security Risk Management
August 18, 2010 – 6:00 am
Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today.
The more I read the writings of various information security professionals about information security risk analysis (ISRA), the more I’m struck by the following…
Network Solutions “Hacked Account” Demonstrates Incompetence
January 7, 2010 – 5:00 am
When in doubt, claim the account was hacked. That appears to be the reasoning of a Network Solutions Technical Support Representative. Normally I do not write about other companies but this is an interesting case. As professionals we view being hacked as something we defend against. While some…
H1N1 Threat Overblown? Information Security Relevance? A Logic Proof