Loading ...-
-
-
BlogInfoSec.com Sponsors
-
BlogInfoSec.com Partners
Tag Archives: spotlight
Security in Times of Crisis
September 30, 2008 – 6:00 am
–
Who would have thought, when I wrote my three-part column on “Security and Change” (here, here and here) that all three aspects would hit us at the same time. There was Hurricane Ike, the disappearance and takeovers of major financial institutions, and the massive credit freeze…
The Status of Recent Research Concerning Data Breaches and Reputational Risk
September 11, 2008 – 6:00 am
–
Nearly three years ago, Ken Belva wrote a paper intended to be a “starting point for further, positive discussion” regarding the topic of data breaches and reputational risk. The title of the paper also presented Ken’s major theme: “How It’s Difficult to Ruin a…
Governance, Risk Management, Compliance (pt. 1): Form over Content?
September 8, 2008 – 6:00 am
–
Just a couple of months ago I had a discussion with a colleague, Jim Reavis, on the validity of the recent interest in GRC (Governance, Risk management, Compliance), whereby vendors are peddling systems and services to integrate all three areas.
I had said to Jim that I thought GRC was the…
The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 1)
September 4, 2008 – 6:00 am
–
Many discussions of security risk analysis methodologies mention a distinction between quantitative and qualitative risk analysis, but virtually none of those discussions clarify the distinction in a rigorous way. The purpose of this 3-part series is to clarify that distinction and then show why…
So Why Do We Need Security Professionals, Anyway?
September 3, 2008 – 6:00 am
–
So, why do we do what we do, and what if we couldn’t do it anymore? I have reinvented myself so many times over the years that anyone reading my curriculum vitae would imagine I was the victim of identity theft. Stints in the Teamsters, Longshoremen, and building unions have given me my…
