risk compensation

Good afternoon everyone or at least those who share my timezone. We have a good bunch of interesting things to look at that were posted over the weekend. So here we go!

Mike Rothman posted some thoughts on the rapidly evolving Manage Security Services space. He likens it to the process banking went through. It's an interesting read.

Jennifer Jabbusch shares a really good analogy with us regarding Logging, Correlation and IT Search. Very helpful for those times when you are trying to get across an inherently technical topic to a group of non-technical people.

Via Xavier at /dev/random a free and nifty looking tool.

HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

Security4all points us towards a video that gives us a introduction to XSS using Webgoat. The video is hosted at securitydistro.com.

By way of John M Willis, a pointer to an article on Network World, 20 great Windows open source projects you should get to know.

Richard Bejtlich shares his experience attending a Edward Tufte class on Presenting Data and Information. I have not read Edward's stuff, but it is on my list to check out.

Jeff Lowder has an article up on BlogInfoSec.com about Agility and Risk Compensation. He has some interesting points about perceived risk and the actions that people take in light of their understanding of risk as it pertains to agility in business. He also points to a good article on wikipedia about Risk Compensation Theory. Both are worth a gander.

Well that's it for now.

Have a good day.


Technorati Tags: , , , , , , , , , ,