-
-
-
BlogInfoSec.com Sponsors
-
-
BlogInfoSec.com Partners
-
Tag Archives: risk management
Classy Data (pt. 3) – Ownership and Risk
September 28, 2009 – 6:00 am
–
Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to…
DHS Security Control May Improve Airport Economy
July 31, 2009 – 5:00 am
–
It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when boarding, each flight airport hop benefits because passengers need to re-purchase drinks when they land and exit the…
The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)
October 29, 2008 – 6:00 am
–
Objective vs. Subjective Approaches: Strengths and Weaknesses
As we have seen, quantitative risk analyses can be subjective and qualitative risk analyses can be objective. The purpose of this slide is to summarize and discuss some of the advantages and disadvantages of both the objective and…
Governance, Risk Management, Compliance (pt. 1): Form over Content?
September 8, 2008 – 6:00 am
–
Just a couple of months ago I had a discussion with a colleague, Jim Reavis, on the validity of the recent interest in GRC (Governance, Risk management, Compliance), whereby vendors are peddling systems and services to integrate all three areas.
I had said to Jim that I thought GRC was the…
Hope, Fear and Objectivity in National Security: Obama and Chertoff