Blog Posts Tagged with "Risk Assessments"
July 15, 2010 Added by: Michael Menefee
As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...
July 13, 2010 Added by: Pete Herzog
In the research for factual security metrics, factual trust metrics, and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards...
July 06, 2010 Added by: Pete Herzog
Interestingly, the point of a risk assessment is to determine vulnerabilities, assets, and threats. So why does a 9-year-old know what so many security professionals don't? Why does she realize that imagining what the threat looks like is just an exercise in creativity, not prediction?
June 30, 2010 Added by: Dejan Kosutic
I have seen quite a lot of smaller companies (up to 50 employees) trying to apply risk assessment tools as part of their ISO 27001 implementation project. The result is that it usually takes too much time and money with too little effect.
November 02, 2009 Added by: Stephen Primost
Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...