Each year the World Economic Forum releases their Global Risk Report around the time of the annual Davos conference. This year’s report is out and below are notes on the “cyber” content to help others speed-read through those sections (in the event you don’t read the whole thing). Their expert panel is far from infallible,…
Data Driven Security Roundup: betaPERT, Shiny, Honeypots, Passwords & Reproducible Research
Jay Jacobs (@jayjacobs)—my co-author of the soon-to-be-released book [Data-Driven Security](http://amzn.to/ddsec)—& I have been hard at work over at the book’s [sister-blog](http://dds.ec/blog) cranking out code to help security domain experts delve into the dark art of data science. We’ve covered quite a bit of ground since January 1st, but I’m using this post to focus more…
Bahrain eGov Conference “Risk Reality” Slides
For those finding this post from the Bahrain eGov conference, I’d like to re-extend a hearty “Thank you!” for being one of the most engaging, interactive and intelligent audiences I’ve ever experienced. I truly enjoyed talking with all of you. You can find the slides on my Dropbox [PDF] and please do not hesitate to bounce…
New SecurID Soft Token Cloning Weakness : What’s The Risk?
I posted a link to Twitter earlier on a recent discovery of the ability to clone RSA SecurID soft tokens: It (rightfully so) received some critical responses by @wh1t3rabbit & @wikidsystems since, apart from what the hypesters may say, this is a low-risk weakness. Think about it. Just looking at the two most likely threat…
Off By One : The Importance Of Fact Checking Breach Reports
I didn’t read through the Massachusetts 2011 Report on Data Breach Notifications [PDF] until recently, but once I went through the report my brain kept telling me “something is wrong”. Not something earth shattering, but more of a “something is off” signal. This happens more than I’d like as I tend to constantly background process what…
Is Your Organization Ready For a Risk Management Program?
While the slides will be officially available from the SIRA web site in the not-too-distant future—complete with video (for all the talks)—I figured it wouldn’t hurt to put them up here as well. Keynote version PDF version My sincere thanks, again, to @jayjacobs and the SIRA board for allowing me to have the privilege of being…
Three Resolutions For Web Developers
I’m on a “three things” motif for 2012, as it’s really difficult for most folks to focus on more than three core elements well. This is especially true for web developers as they have so much to contend with on a daily basis, whether it be new features, bug reports, user help requests or just…
Predictions? Humbug! Resolve Is Where It’s At
This is the time of year when pundits and armchair/amateur analysts make predictions for the coming year. Given that only a tiny fraction of them predicted the Sonage of 2011 (not Sony specifically or the level of pwnage) or the RSA/Lockheed [↑, ↑, ↓, ↓, ←, →, ←, →, B, A] multi-faceted “supply chain” attack…