Tag Archives: risk management

DHS Security Control May Improve Airport Economy

– It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when boarding, each airport hop benefits because passengers need to re-purchase drinks when they land and exit the aircraft.…

Hope, Fear and Objectivity in National Security: Obama and Chertoff

– Whether or not Barack Obama was your candidate of choice, his Presidency has ushered in a positive response from around the globe. His supporters call this the politics of hope. And it is in direct opposition to the outgoing US President Bush, whose political tactics are called the politics…

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 2)

– Objective vs. Subjective Approaches: Strengths and Weaknesses. As we have seen, quantitative risk analyses can be subjective and qualitative risk analyses can be objective. The purpose of this slide is to summarize and discuss some of the advantages and disadvantages of both the objective and…

Governance, Risk Management, Compliance (pt. 1): Form over Content?

– Just a couple of months ago I had a discussion with a colleague, Jim Reavis, on the validity of the recent interest in GRC (Governance, Risk management, Compliance), whereby vendors are peddling systems and services to integrate all three areas. I had said to Jim that I thought GRC was the…

The OCC and Application Security: Vindication at Last

– On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…