Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: vulnerability

Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2

– In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined; indeed,…

Cloud Computing Security at Newsweek

– Daniel Lyons will publish an op-ed on the insecurity of cloud computing in Newsweek‘s February 1st, 2010 issue. The  main thrust of the article can be summarized as such: But there is one big, glaring problem with cloud computing, and it just got laid bare in Google’s recent problems…

Are System Monocultures More or Less Secure? Yes!

– About five years ago, in the fall of 2003, there appeared on-line a controversial report with the (what proved to be) incendiary title “CyberInsecurity: The Cost of Monopoly.” It is still available at http://www.ccianet.org/papers/cyberinsecurity.pdf The authors were, and still are,…

Assessing your Organization’s Network Perimeter (pt. 3)

– Welcome once again to the risk rack. This time on the risk rack we will be continuing our review of how to assess your organization’s network perimeter. As a reminder the identified steps were: Step 1: Define the functions and purposes of your network perimeter. Step 2: Assess the technology…