-
-
-
BlogInfoSec.com Sponsors
-
BlogInfoSec.com Partners
Tag Archives: featured
The CIA Triad: Theory and Practice
July 26, 2012 – 6:00 am
–
Recently Bloginfosec.com published an article by Warren Axelrod entitled, It’s About Availability and Integrity (not so much Confidentiality). It appears that the article generated a bit of controversy with a response by Jim Bird entitled, It’s About Confidentiality and Integrity (not so much…
6 Theories of Probability and 6 Reasons Why They Matter to ISRA
September 7, 2010 – 6:00 am
–
While probably everyone would agree that information security risk analysis (ISRA) is shot through with appeals to probability, very few non-academic discussions of ISRA provide any sort of rigorous analysis of what “probability” means. (See Alberts and Dorofee 2003 for a notable…
Why the “Risk = Threats x Vulnerabilities x Impact” Formula is Mathematical Nonsense
August 23, 2010 – 6:00 am
–
Every now and then I will find a security practitioner presenting the following formula when discussing information security risk analysis (ISRA). Risks = Threats x Vulnerabilities x Impact In some versions of this formula, the word “Consequence” is sometimes substituted for…
Decision Theory is the Foundation for Information Security Risk Management
August 18, 2010 – 6:00 am
–
Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information security professionals about information security risk analysis (ISRA), the more I’m struck by the following…
H1N1 Threat Overblown? Information Security Relevance? A Logic Proof