February 2008
61 posts
Curphey on BPM | securosis.com →
Someone to Watch, Over Me…. →
Before we dive back into Deming later this week, I wanted to comment on some discussion we’ve been having over at Chandler Howell’s NBFAC Blog. Over at Chandler’s podium for all things risky (which, it should be noted, is the original IRM blog) - there’s some discussion about GRC and their meaning and role and purpose. In my usual manner, I made a hasty, didactic statement to be taken as fact...
Another View on Deming & Risk Management →
When I wrote about Deming, I hadn’t realized that Adrian Lane of IPLocks was one step ahead. He’s written a piece on Deming’s 14 points on the IPLocks.com blog here.
Clemens Kogler - Le Grand Content →
What an excellent video!
Barn Door Simple? Not Exactly… →
Scott Wright of Scott Wright’s Security Views Blog wrote recently in his post “A Barn Door Has No ROI”:
But how many organizations realize that investing in security safeguards is just like putting a door on a barn. It’s not so much trying to figure out how much money you will save if you put on a door. You know if you don’t put on a door, eventually, you’re going to have to buy a new horse.
...
Deming and Risk Management →
This morning, Pete Lindstrom sent the following out to the SecurityMetrics.org mailing list:
This book was recommended to me today: How to Measure Anything: Finding the Value of “Intangibles” in Business. It appears to be getting very good reviews (all sockpuppets, I’m sure ;-)). One of the comments says this:
Hubbard put forth these four assumptions which I found to be most useful when...
Discovery Channel Broadcast on Decisions and... →
This link is an .mp3 on the Discovery Channel’s website for a show they did called “Understanding Odds” on decisions and probability. It’s really good reading, especially their definition of a “good decision” at around minute 23.
There’s also an excerpt on YouTube that’s awesome.
Great Stuff!
Data Breach Notification Laws, State By State -... →
Video Fantastica! Smoke on the Water
The Effectiveness of the Most Underappreciated... →
Post Summary: Measuring Control Effectiveness is a tricky thing, as effectiveness is relative to external factors. Because we don’t have precise measurements for those factors, Control Effectiveness is (you guessed it) a probability issue. One angle that is usually under-appreciated is the ability of our controls to reduce the probability of action by a threat agent. More research should be...
Spire Security Viewpoint: Back of the Envelope... →
Will ISO 27004 Be Able to Help Us Measure Control... →
A few days ago, when I was much busier being moral support to the Mrs., the Cyberphobia blog wrote an interesting article on ISO 27004. 27004 is all about measuring the effectiveness of our controls.
Our anonymous friend at Cyberphobia does a great breakdown “word for word” on the language surrounding 004; I won’t replicate it here but forward you to the site. Go ahead and click over, I’ll...
Ning has no import of RSS or Twitter? Lame.
I’m thinking of removing my twitters from my Tumblr blog
Hanging with Brooke Paul, talking Security Start Up
Beaker - You don’t count. You’re an outlier.
hi I’m a cso. How are you going to help me manage my risk much better than I am today?
LOL andy. You’re the majority of the distribution
I’m sore and tired and need more coffee. Newborns are fun
there is no ROI in security. There is only the reduction of probabilities.
Having a great meeting with a large enterprise CISO who has been using FAIR without our input and comparing notes. I’m LOVING today!
It’s all about userbase. Jaiku & Pownce both seem cooler than Twitter to some degree…
I’m also wondering if .NET isn’t in my future
Google Reader not marking things as “read”. Never thought netnewswire would be better…
I’m going to bed. I’ve had it with today
yeah! The baby is *very* colicky
Writing a response to the ISO 27001 mailing list. Hoping that I can communicate effectively between languages and skill sets represented.
Everybody else is having a great day, and I can’t figure out how to subscribe to RSS in Firefox 3b2. Not my day…
Apparently a refresh made the little icon come back. Oh Happy Day anyhow!
Caught up with Mark for a bit. Good to hear the Microsoft thing is working out for him. He seems very happy
trying pockettweets on iphone while Dreamweaver installs
Could Twhirl be the culprit? Had complete freeze again right before it updated
AppZapper for OS X Is fun…
no force quit, hard reboot. Suspecting Dreamweaver
Firefox Beta 3 just bit it. FORCE QUIT
But he’s in a meeting now! I did leave him a VM
Oh man, I just told Mortman I’d meet him downtown for lunch, and my wife took my keys. I’m stranded.
Oh, I’m worried about the economy. Worried about the economy. If this isn’t handled right, it could be a serious recession.
Looking for Old VPN Manuals →
Happy Monday! I’m looking for old VPN manuals, sales brochures, or other documentation. Especially old VPN-1 or Aventail MobileVPN - circa 1996/early 1997. Might be willing to buy them. If you have anything, please leave me a comment.
Thanks,
Alex
If there’s a smile on my face, it’s only there tryin’ to fool the public…
Twitter IM is back, but the updates aren’t
Twitter IM is back!
Been summoned to go procure dinner. Clapping twice to turn twitter off.
Trying out CSSEdit & Pixelmator for some web work. LOOKIT ME, I’m going Delicious!
Hooray For Humanity http://tinyurl.com/37mlh5
IRM friend of mine finding out that manufacturing is different from Financial Services.
SecurityTwitters: Your impression of BiTS please!