Blog Posts Tagged with "Risk Assessments"

7fef78c47060974e0b8392e305f0daf0

An Introduction to OSSTMM Version 3

July 15, 2010 Added by:Infosec Island Admin

As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...

Comments  (19)

1789975b05c7c71e14278df690cabf26

Ending the Security Business of Guessing

July 13, 2010 Added by:Pete Herzog

In the research for factual security metrics, factual trust metrics, and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards...

Comments  (16)

1789975b05c7c71e14278df690cabf26

Hackers May Be Giants with Sharp Teeth

July 06, 2010 Added by:Pete Herzog

Interestingly, the point of a risk assessment is to determine vulnerabilities, assets, and threats. So why does a 9-year-old know what so many security professionals don't? Why does she realize that imagining what the threat looks like is just an exercise in creativity, not prediction?

Comments  (3)

9259e8d30306ac2ef4c5dd1936e67634

Risk assessment tips for smaller companies

June 30, 2010 Added by:Dejan Kosutic

I have seen quite a lot of smaller companies (up to 50 employees) trying to apply risk assessment tools as part of their ISO 27001 implementation project. The result is that it usually takes too much time and money with too little effect.

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 2)

November 02, 2009 Added by:Stephen Primost

Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...

Comments  (0)

Page « < 1 - 2 - 3 - 4 > »