From the category archives:

Risk Management

My good friend, Alex Hutton, has written an excellent post where he talks about the science of Risk Management.
I am not going to try and summarize what he says because he says it so well.
Do yourself a favor and go read it. Then go and look at some of the stuff he points to in [...]

A Charlie Brown Compliance

by kriggins on December 18, 2009

I wish I could take credit for the idea below, but I cannot. This was sent to me by someone who works in a marketer compliance department.
With his permission, I modified it a little to be information security centric and now present it to you. Enjoy.
BTW - I won't be surprised if I get a [...]

I am very pleased to announce that my Peer2Peer session submission for RSA 2010 was accepted.
Here is the definition of a Peer2Peer session from RSA in case you are not familiar with them:
Have a security issue you would like to discuss with your peers? Want to share your experiences with a new technology? Care [...]

Well, there I go again, I keep saying I am going to get back to it and then leave you hanging. No real excuse this time other than being mondo busy.
As usual, all the posts in this series can be found on this page if you want a refresher or are just now jumping on [...]

First, I apologize for the long absence of any further posts in this series. I am sure everybody thought I had decided not to continue. Not the case. With the presentation at Secure360, a bathroom remodel and life in general getting in the way, I didn't take the time to keep on top of this [...]

My Secure360 2009 Talk about FAIR

by kriggins on June 9, 2009

This is the presentation I gave at Secure360 2009 titled "Measuring and Communicating Risk using Factor Analysis of Information Risk (FAIR)."
[Embedded video of the talk: /video/09_SECURE360_043.flv]

As always, I am interested in [...]

I go through quite a few blogs every day to keep abreast of what is being said in the information security world. My daily bits posts are things that strike me as interesting and that I think you might find interesting too.
I don't usually single out a blog post all on its own, but every once [...]

Exploring F.A.I.R. – Threats – Part 2

by kriggins on March 30, 2009

In the last post in our series on FAIR we took a look at the data flow diagram for the system that Oblivia wants us to assess. We also reviewed the definition of threat and quickly figured out we need a way to narrow down which threats we should be most concerned about.
FAIR uses the [...]

Speaking at Secure360

by kriggins on March 16, 2009

I am really excited. I will be speaking at Secure360. The conference takes place on May 12th and 13th in St. Paul, Minnesota. I will be speaking in the afternoon on the 13th.
From the Secure360 website:
The Upper Midwest Security Alliance (UMSA) serves business, government, and education professionals in the Twin Cities and surrounding areas. The Secure360 conference [...]

Exploring F.A.I.R – Assets Redux

by kriggins on February 26, 2009

So, to revisit the post which sparked the last few, let's talk about assets. Before we get started though, just a reminder that all the posts in this series can be found on this page.
And now, on with the show. We have described the organization for which we are performing the assessment. We have also [...]
