SEARCH RESULTS
 
Showing 1-10 of 56 records
 
Expand article

Communicating about risk - part 1

The Article has images
2008-05-05 18:12:14 by JonesJ in RiskAnalys.is
...frequency is low Vulnerability is high Probable loss magnitude is significant When these conditions exist, the low loss event frequency is driven solely by the low threat event frequency. In other words, were not actively managing loss event frequency; were just trusting to luck. If threat event frequency changes (or an event occurs at all),...
 
Tags: risk, effective, cost-effective risk management, fragile condition exists, condition, unstable condition, risk qualifiers, risk condition, risk chart perspective
 
 
 
 
Expand article

Should We Treat Contractors The Same as Employees?

2008-03-26 13:47:43 by Alex in RiskAnalys.is
 
...Frequency of Loss Events for our populations (W2, 1099). Now for any threat community, we can do one of three things 1.) Reduce the Frequency of Contact This is really either blocking, cordoning, obfuscation, what have you. For W2s and 1099s our ability to reduce Frequency of Contact may be limited 2.) Reduce the Probability of Action The...
 
Tags: threat, threat communities, threat agent applies, threat agents, threat event results, threat community, employees, risk tolerance, risk
 
 
 
 
Expand article

What Are You Managing Towards? (And On Disproving Risk Management)

The Article has images
2008-06-03 14:41:11 by Alex in RiskAnalys.is
...frequency and magnitude of loss on an aggregate level, not just within the context of a discreet technical or policy issue That last point is important. And its related to my post today WHAT DO YOU MANAGE TOWARDS This blog is blessed to have some very smart people be part of it. There are security managers from all sorts of industries that...
 
Tags: management, risk management, term risk management, management focuses, management approach, risk management process, patch management, cost management, upper management
 
 
 
 
Expand article

(Not Really) Stateful IT-GRC Inspecting Threat Management At Gigabit Speeds

2008-07-22 14:41:00 by Alex in RiskAnalys.is
 
...frequency and probable magnitude of future loss Then managing the risk inherent in PCI DSS compliance could mean 1.) The expected frequency of being out of compliance and how much that will cost us Because lets face it - being in or out of PCI compliance is still a subjective judgment. First, we have what our ever-qualified assessor says. But...
 
Tags: pci risk management, risk management, pci dss, pci dss compliance, risk, risk inherent, management, pci, pci concerns
 
 
 
 
Expand article

Got Milk? Stuff I did not know about data protection and privacy

2007-11-26 01:49:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...frequency and maybe stop coming to the store. And what was the bottom line? Milk is the leading indicator The short shelf life and the ubiquity of milk dictated the purchase frequency of all grocery items in the home and thus timing of trips to the store. If the customer found milk (better, cheaper, organic, closer etc) they are more likely...
 
Tags: milk purchase, purchase, reduce purchase frequency, data, milk, purchase frequency, mined data, mined, data-centric view
 
 
 
 
Expand article

Evolving Schneiers Security Mindset

2008-04-28 12:30:42 by Alex in RiskAnalys.is
 
...frequency of events - or *Is* it being done or more likely to be done in the future, and at what rate EXAMPLE OF THE DIFFERENCE There should probably be a Godwin-esque law about 9/11 examples and security by now, but youll forgive the indulgence. Post 9/11, we had all sorts of questions about the risk of attackers and national infrastructure....
 
Tags: mindset, security, security mindset matures, security mindset, security professionals, security requires, security vulnerabilities, applicable threat community, threat community
 
 
 
 
Expand article

Stolen account firm laptop contained personal information

The Article has images
2008-04-28 09:50:55 by Evan Francen in The Breach Blog
...frequency of password changes, more complex passwords and encryption software when applicable Evan] Careful. Increased frequency of password changes and increased password complexity can very easily lead to an increase in the probability that people will write passwords down. A person writing a password down on a Post-It note will defeat all...
 
Tags: information, clients personal information, clients, personal information, specific information, store confidential information, client information, confidential information, personal information inside
 
 
 
 
Expand article

Communicating about risk - part 2

The Article has images
2008-05-20 16:22:24 by JonesJ in RiskAnalys.is
...frequency, we can account for events that occur many times within the defined timeframe as well as those that occur fewer than once in the timeframe (e.g., .01 times per year, or once in one hundred years). Of course, this raises the question of how we determine frequency, particularly for infrequent events. In the interest of keeping this...
 
Tags: risk, managements risk tolerance, enterprise risk tolerance, risk tolerance, likelihood, risk analysis, likelihood connotes, lines, likelihood statement refer
 
 
 
 
Expand article

An improved clock-skew measurement technique for revealing hidden services

The Article has images
2008-06-26 05:12:21 by Steven J. Murdoch in Light Blue Touchpaper
...frequency clocks. The basic idea, shown below, is to only request timestamps very close to a clock transition, where the quantization noise is lowest. This requires the attacker to firstly lock-on to the phase of the clock, then keep tracking it even when measurements are distorted by network jitter Sebastian and I wrote a paper An Improved...
 
Tags: clock-skew measurement technique, clock, clock-skew, clock transition, clock source, clock skew, magnitude lower noise, tcp, tcp timestamps
 
 
 
 
Expand article

Transactional Confidentiality in Sensor Networks

2008-07-31 13:30:21 by Editor in IEEE Security and Privacy