Alex Hutton

Gartner’s worst case for 2009 IT budgets isn’t so bad | Between the Lines | ZDNet.com

Tue, 14 Oct 2008 12:13:08 -0400

Gartner’s worst case for 2009 IT budgets isn’t so bad | Between the Lines | ZDNet.com

AESRM - Projects and Publications

Tue, 14 Oct 2008 12:13:07 -0400

AESRM - Projects and Publications

Our Blog Got High Ratings!

Mon, 13 Oct 2008 11:37:43 -0400

Our Blog Got High Ratings!:

Tooting our own horn on Monday morning, the excellent Thinking Problem Management blog gave us their coveted “5 pineapple” rating!

In your face, RISKS Digest!

Why Risk Management Doesn’t Work (?!)

Wed, 08 Oct 2008 15:07:02 -0400

Why Risk Management Doesn’t Work (?!): Several folks (Hi Daniel, Brent, David!) sent email & twitters asking us our opinion on a Dark Reading article called “Why Risk Management Doesn’t Work” which if you click on the link should…

Around The Web For Friday

Fri, 26 Sep 2008 10:27:01 -0400

Around The Web For Friday:

We’re frequently asked what we’re reading and what we like in blog posts, so here are some interesting things that hit our RSS readers that you may have missed:

COBIT rivals ITIL from The IT…

One Man’s Frustrations With “Risk Management”

Tue, 23 Sep 2008 15:11:08 -0400

One Man’s Frustrations With “Risk Management”:

Chris, who is a male in Government C&A has a blog with a wonderful title: How is that Assurance Evidence?

I’d love to have another blog even more specific - “Ok, that Assurance is Evidence Of…

So Logically, If She Weighs The Same As A Duck…She’s A Witch!

Thu, 18 Sep 2008 11:02:54 -0400

So Logically, If She Weighs The Same As A Duck…She’s A Witch!: I usually try to stay far away from politics and current events, but my friend Rich has put up a blog post blaming the credit crisis on quantitative analysis, and then positing that because the…

Hansei and the CISO

Tue, 16 Sep 2008 13:52:39 -0400

Hansei and the CISO: Continuing our series on Hansei-Kaizen, you’ll recall that my thoughts are about applying the concept of relentless reflection (Hansei) and continuous improvement (Kaizen) to security management. …

Best, Good, Standard Practices

Wed, 03 Sep 2008 08:43:51 -0400

Best, Good, Standard Practices:

It’s like Scott knew it was my birthday and wrote a special comic just for me!

Risk and CVSS

Tue, 02 Sep 2008 13:43:21 -0400

Risk and CVSS: Chris Hayes is taking me to town in terms of risk content with his last two posts on Risk & CVSS. I told you his blog was going to be a good one.

Gemba & The Journey

Thu, 28 Aug 2008 13:29:00 -0400

Gemba & The Journey: Couple of things first before we get to the next post in the Hansei series. First, Jon Robinson was thinking about reputation damage and stock price and wrote a very lucid and smart post on the…

Relentless Reflection - What it Means in Risk Management

Tue, 26 Aug 2008 14:09:03 -0400

Relentless Reflection - What it Means in Risk Management:

Picking up from yesterday, Today I’d like to talk about:

HANSEI - WHAT IS “RELENTLESS REFLECTION?” - And why we’re talking about it in the context of Risk Analysis.

Recall from yesterday’s post…

Hansei-Kaizen & Risk Management Practices

Mon, 25 Aug 2008 11:30:46 -0400

Hansei-Kaizen & Risk Management Practices:

You might consider this a follow on to the Deming in Risk Management series I did this spring.

Recently, Thinking Problem Management wrote on the concept of Hansei-Kaizen. That started…

Reputation Damage & Measurement

Fri, 22 Aug 2008 12:28:04 -0400

Reputation Damage & Measurement: Reputation damage can be one of the most difficult concepts to build measurements around. In fact, it can be difficult to develop the actual metrics for the measurements, as well. Damage to things…

Server Upgrade

Sat, 16 Aug 2008 16:22:22 -0400

Server Upgrade:

So our server was upgraded by our hosting provider. Unfortunately, in the upgrade, a comment from Christian was lost amidst the shuffle. Sorry Christian!

Please take a second and verify your RSS…

Is Your Firewall a “High Risk Entity”

Fri, 15 Aug 2008 13:20:48 -0400

Is Your Firewall a “High Risk Entity”: Not trying to be overly snarky here, but I was reviewing some GRC product literature recently. And there was a screenshot of an application window showing how the software helps identify “high risk…

UPDATES GALORE! or, THE PRONOUN “WE” MEANS YOU AND ME!

Wed, 13 Aug 2008 13:21:04 -0400

UPDATES GALORE! or, THE PRONOUN “WE” MEANS YOU AND ME!:

So much traveling, so little blogging. Sorry everyone. I’ve gotta say first that I really enjoyed meeting readers and friends of the blog this past two weeks.

Today, allow me to update you on…

New Weblog - It’s Gonna Be Good: Risktical.Com

Fri, 01 Aug 2008 08:29:42 -0400

New Weblog - It’s Gonna Be Good: Risktical.Com:

From Chris Hayes at http://risktical.com/.

I have the utmost respect for Chris as a risk analyst. He’s big in (started?) the Columbus OWASP chapter (and I have to admit to not getting to a…

Mathematicians, The French, & Risk Analysts

Wed, 30 Jul 2008 09:25:33 -0400

Goethe: “Mathematicians are like Frenchmen: whatever you say to them they translate into their own language and forthwith it is something entirely different.”

Reminder: WebEx Seminar on Risk Analysis

Tue, 29 Jul 2008 15:08:19 -0400

Reminder: WebEx Seminar on Risk Analysis: Hey everybody! Quick post this morning to remind you guys that Cisco has been kind enough to let us give a follow on WebEx presentation on July 31, 2008 at 11:30 a.m. EDT. The link to sign up is