RiskAnalys.is
 

Best, Good, Standard Practices

2008-09-03 11:52:13 by Alex in RiskAnalys.is
It's like Scott knew it was my birthday and wrote a special comic just for me.

Risk and CVSS

2008-09-02 17:33:24 by Alex in RiskAnalys.is
 
Chris Hayes is taking me to town in terms of risk content with his last two posts on Risk & CVSS. I told you his blog was going to be a good one.

Gemba & The Journey

2008-08-28 17:27:40 by Alex in RiskAnalys.is
 
...information for use in analysis. For risk we have to also journey back to the production line, or, in our case, to the application/LOB owner. It may also be to corporate counsel, to marketing, to all sorts of other places in the enterprise because probable losses (a necessary measurement we need in order to understand risk) may come from many...

Relentless Reflection - What it Means in Risk Management

2008-08-26 17:55:40 by Alex in RiskAnalys.is
 
...information security where significant visibility and insight about the environment is needed for complete information (get bullish on Log Management is my recommendation). HANSEI STEPS ADAPTED TO INFORMATION SECURITY: This is one of those quality control concepts that we can mangle adopt. At Toyota, Hansei-Kaizen includes the following basic...

Hansei-Kaizen & Risk Management Practices

2008-08-25 15:13:10 by Alex in RiskAnalys.is
...Information Risk Management, Information Security, the role of the security group and the analytical function. The following isn't necessarily a revelation, but as I've a friend interviewing for a CISO-type job at a Fortune 20 this week and they are focused on a not dissimilar business management philosophy, I thought I'd write a little about...

Reputation Damage & Measurement

2008-08-22 14:33:56 by Alex in RiskAnalys.is
 
...Information Security (yours truly included) want to immediately look at stock price as a bellwether metric for incident impact. I think this stems from our days of slinging FUD, back when we could scream "Buy a firewall or we'll have an incident and you'll be on the front page of the paper and the stock price will go down!" But these days...

Server Upgrade

2008-08-16 20:06:27 by Alex in RiskAnalys.is
 
So our server was upgraded by our hosting provider. Unfortunately, in the upgrade, a comment from Christian was lost amidst the shuffle. Sorry, Christian. Please take a second and verify your RSS feeds and all that. Thanks, Alex

Is Your Firewall a High Risk Entity

2008-08-15 15:15:57 by Alex in RiskAnalys.is
 
Not trying to be overly snarky here, but I was reviewing some GRC product literature recently. And there was a screenshot of an application window showing how the software helps identify high risk entities. And in the screenshot, there were 5 of these entities listed, each with corresponding risk ratings (High/Medium/Low) and scores (really just...

UPDATES GALORE! or, THE PRONOUN WE MEANS YOU AND ME!

2008-08-13 15:24:17 by Alex in RiskAnalys.is
 
...Information Security Agency) developed a very nice document that reviewed something like 18 different risk assessment methodologies against their Criteria for Goodness. FAIR was one of the ones they reviewed, and we (the royal "we" used there to include all us FAIR-Folk) did awfully well. Things of interest: They based their work on the current...

New Weblog - It's Gonna Be Good: Risktical.Com

2008-08-01 11:51:03 by Alex in RiskAnalys.is
 
...Information Risk, and if you want a pragmatic, practical view of risk within the context of a sophisticated IRM program, his blog is something you'll want to read. Also, he's into the cello. Which is cool.