A while back I was engaged in a conversation on Twitter with @diami03 & @chriseng regarding (what I felt was) the need for someone to provide the perspective from within a medium-to-large enterprise, especially when there are so many folks in infosec who are fond of saying “why didn’t they just…?” in response to events… Continue reading
Post Category → Risk
Your New Mega Security Program
Everyone who can read this blog should remember the Deepwater Horizon spill that occurred in the Spring of 2010; huge loss of life (any loss is huge from my perspective) and still unknown impact to the environment. This event was a wake-up call to BP execs and other companies in that industry sector. You should… Continue reading
RLRAA – Real Life Risk Assessment Acronyms
UPDATE: I have intentionally cross-posted this to my SIRA blog since the combined wit & intelligence of the folks there trumps anything I could do alone here. All the following newly-minted risk assessment types have been inspired by actual situations. Hopefully you get to stick to just the proper OCTAVE/FAIR/NIST/etc. ones where you practice. HARA… Continue reading
Crossroad of ERM and the Parallels to IRM
Had to modify the latimes URL in the post due to a notice from Wordfence/Google. I was reviewing the – er – highlights? – from the ninth ERM Symposium in Chicago over at Riskviews this morning and was intrigued by some of the parallels to the current situation in enterprise security risk management (the ERM… Continue reading
Behind The Mask : Supporting The New CIO Personas
This morning, @joshcorman linked to an article in the Harvard Business Review “The Conversation” blog that put forth the author’s view of The Four Personas of the Next-Generation CIO. The term persona is very Jungian and literally refers to “masks worn by a mime”. According to Jung, the persona “enables an individual to interrelate with… Continue reading
Micropwns :: Risk Microprobabilities for Infosec?
NOTE: This is a re-post from a topic I started on the SecurityMetrics & SIRA mailing lists. Wanted to broaden the discussion to anyone not on those (and, why aren’t you on them?) I had not heard the term micromort prior to listening to David Spiegelhalter’s Do Lecture and the concept of it really stuck… Continue reading
Post-theft/loss Response & Recovery With Evernote
Last night, the kids left the garage open after sledding all afternoon and I failed to perform my usual rounds due to still being horrendously ill. At some point between 23:00 & 05:30, miscreants did a snatch & grab on some electronics and other items. Ugh. This was both a physical security failure and a… Continue reading
For Everyone Who Thought I Was Just A Zombie
You were right… (UPDATED with PK talk appearance)