Blog Posts Tagged with "Risk Assessments"


An Introduction to OSSTMM Version 3

July 15, 2010 Added by:Infosec Island Admin

As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...

Comments  (19)


Ending the Security Business of Guessing

July 13, 2010 Added by:Pete Herzog

In the research for factual security metrics, factual trust metrics, and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards...

Comments  (16)


Hackers May Be Giants with Sharp Teeth

July 06, 2010 Added by:Pete Herzog

Interestingly, the point of a risk assessment is to determine vulnerabilities, assets, and threats. So why does a 9-year-old know what so many security professionals don't? Why does she realize that imagining what the threat looks like is just an exercise in creativity, not prediction?

Comments  (3)


Risk assessment tips for smaller companies

June 30, 2010 Added by:Dejan Kosutic

I have seen quite a lot of smaller companies (up to 50 employees) trying to apply risk assessment tools as part of their ISO 27001 implementation project. The result is that it usually takes too much time and money with too little effect.

Comments  (0)


Road Map for an Application/Software Security Architect (Part 2)

November 02, 2009 Added by:Stephen Primost

Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...

Comments  (0)

Page « < 1 - 2 - 3 - 4 > »