Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: NIST

Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring

September 12, 2011 – 6:00 am – I finally got to read Douglas Hubbard’s book “The Failure of Risk Management: Why It’s Broken and How to Fix It” (Wiley, 2009). As I have written in other columns about Hubbard’s prior book “How to Measure Anything: Finding the Value of Intangibles in Business” (Wiley, 2007; Second…
By | Posted in CSO/CISO Perspectives, Human Elements, Risk Analysis | Also tagged , , , , , , , , , , , | Comments (4)

NIST Special Publication 800-82 Provides Stuxnet Recipe

May 3, 2011 – 6:00 am – Many were surprised by the Stuxnet worm that infiltrated into Iranian nuclear materials processing plants and reportedly caused the destruction of centrifuges. But they shouldn’t have been surprised, especially if they had read NIST SP 800-82 “Guide to Industrial Control Systems (ICS)…
By | Posted in Contingency Planning, Cybercrime | Also tagged , , , , , | Comments (0)

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

October 29, 2008 – 6:00 am – Objective vs. Subjective Approaches: Strengths and Weaknesses As we have seen, quantitative risk analyses can be subjective and qualitative risk analyses can be objective. The purpose of this slide is to summarize and discuss some of the advantages and disadvantages of both the objective and…
By | Posted in Risk Analysis | Also tagged , , , , , , , , , , | Comments (0)