Entries Tagged as 'Enterprise Risk Management'
CERIAS Posters: Two posters on some of my works in progress
April 4th, 2012 (posted by: sam) · No Comments
This week I’m attending the CERIAS symposium at Purdue University in West Lafayette, Indiana. I’ve had some really great conversations with several leaders in the industry, and found some great contacts within government that may or may not lead anywhere. It has been interesting to see some of the presentations. The variability in the panelists [...]
Tags: Cyber Warfare · Enterprise Risk Management · Poster Presentations
Risky business with national budgets
December 19th, 2011 (posted by: sam) · No Comments
If you hear an information technology professional say there are risks to an organization, fire them. There is only risk. Risk is a state of possible negative consequences, and stating there are multiple risks is glossing over a deeper reality. There is risk in breathing. There is risk in not breathing. Evaluating the overall risk [...]
Tags: Enterprise Risk Management
Threats and heuristics in enterprise risk management (infosec)
December 8th, 2011 (posted by: sam) · No Comments
When trying to assess enterprise risk and the threat vectors that create risk, there are standard models or derivations of frameworks found in the literature, such as NIST and Octave-Allegro. The current practice is to take the various simplistic risk frameworks, whether single loss expectancy (SLE = AV × EF) or annualized loss expectancy (ALE = ARO × SLE), then derive from that [...]
Tags: Enterprise Risk Management
Blood is thicker than TCP/IP
November 30th, 2011 (posted by: sam) · No Comments
Jeffrey Carr predicts 2012 isn’t going to be a pretty way forward for information security professionals, industry or governments. He has a couple of points I’d like to dissect a little bit. I’m not much for alarm bells. We’ve had a lot of wake-up calls, enough snooze alarms, and a bunch of oversleeping [...]
Tags: Enterprise Risk Management
Positions on risk and information security
November 20th, 2011 (posted by: sam) · No Comments
Consider the risk management of information and the principles of risk themselves. Do we have a culture that is working so far to the right of the normalized curve of expectations that we’re expending huge amounts of resources for very little gain? Consider some very specific cases of risk management and cultures of fear and the [...]
Tags: Enterprise Risk Management
Concept Map: Enterprise Risk Management
November 18th, 2011 (posted by: sam) · No Comments
EDIT 2/27/2012 — A lot of people are showing up looking at this lately. I have an update on it that I can post if you are interested. Using the comment function is onerous but let me know if you want to see it. What is currently missing from this version is a good discussion [...]
Tags: Enterprise Risk Management
Less is more: Orphan computers and mission assurance
November 13th, 2011 (posted by: sam) · No Comments
Unlike a lot of technologists I don’t have a bevy of personal computers I use. I only have one primary computing device, one phone, and that’s it. Yes I have a couple of computers for work that are used at work and remain there. One sits in my desk drawer and hasn’t been turned on [...]
Tags: Enterprise Risk Management · Information Assurance and Security
Changing Tactics: Swarm and air power
November 10th, 2011 (posted by: sam) · No Comments
David Ronfeldt and John Arquilla in the early 2000s discussed, as part of Network-centric Warfare, the concept of swarming. Large-scale forces working autonomously with heightened capacity but perhaps lower cost and capability are able to work effectively against opponents. You might recognize this tactic as what the Somali pirates and the warlords in [...]