Tag Archives: vulnerability

The Spectre of Chip Meltdown

– The latest big-time cybersecurity scare is the discovery of vulnerabilities, named Spectre and Meltdown by researchers, in many computer processors from Intel and others, which open affected processors up to exploitation by hackers who can, as I understand the situation, use those vulnerabilities…

Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2

– In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined; indeed,…

Cloud Computing Security at Newsweek

– Daniel Lyons will publish an op-ed on the insecurity of cloud computing in Newsweek‘s February 1st, 2010 issue. The  main thrust of the article can be summarized as such: But there is one big, glaring problem with cloud computing, and it just got laid bare in Google’s recent problems…

Are System Monocultures More or Less Secure? Yes!

– About five years ago, in the fall of 2003, there appeared on-line a controversial report with the (what proved to be) incendiary title “CyberInsecurity: The Cost of Monopoly.” It is still available at http://www.ccianet.org/papers/cyberinsecurity.pdf The authors were, and still are,…

Assessing your Organization’s Network Perimeter (pt. 3)

– Welcome once again to the risk rack. This time on the risk rack we will be continuing our review of how to assess your organization’s network perimeter. As a reminder the identified steps were: Step 1: Define the functions and purposes of your network perimeter. Step 2: Assess the technology…