Risk Management with Stuart King and Duncan Hart

Dealing with the operational challenges of information security and risk management.

January 2007

  • More on the smartcard story - a solution

    Stuart King - Reed Elsevier 31 Jan 2007
  • Having slated an NHS Trust in my blog yesterday for its misuse of smartcards, I was wondering how I would resolve the problem if it were up to me to manage the situation. Let's review the problem: ...

  • Smartcard sharing

    Stuart King - Reed Elsevier 30 Jan 2007
  • I know that this isn't supposed to be a blog for passing comment on the news and that you are all reading this because of my detailed expose of everyday life at the sharp end of risk management. ...

  • Outsourced challenges

    Stuart King - Reed Elsevier 30 Jan 2007
  • My blog has been unattended for a couple of days as I returned from some overseas travels and have been playing catch-up on home and work life. One of the subjects that came up whilst away was ...

  • Assessing data handling

    Stuart King - Reed Elsevier 24 Jan 2007
  • The current challenge is to put together a new security assessment questionnaire focused on data handling. I'm working on this with one of my American colleagues, and predictably we've both come to ...

  • Downside of vulnerability testing

    Stuart King - Reed Elsevier 24 Jan 2007
  • Few will argue that vulnerability testing is not an important part of the online product lifecycle but I was caught slightly unawares by this question in a recent meeting: if we test a product, and ...

  • Levels of detail

    Stuart King - Reed Elsevier 22 Jan 2007
  • What makes for a good security blog? I was reading a comment from a well respected industry name who states that much of the content on the web is either "technical and often incorrect" or of "no ...

  • Risk perceptions and historical data

    Stuart King - Reed Elsevier 22 Jan 2007
  • A couple of years ago a UK town council banned hanging flower baskets from public display because of the theoretical risk that they might fall down and hit someone on the head. You can read the ...

  • Compliance, change control, and firewalls

    Stuart King - Reed Elsevier 19 Jan 2007
  • What exactly does "compliance" mean? If I'm reviewing a product and conclude that it is compliant against some particular policy or regulation then what that really means is that it is compliant at ...

  • Web site password policy

    Stuart King - Reed Elsevier 17 Jan 2007
  • What's your website's password policy? 5 characters? 6 characters including upper/lower case and numbers? How did you choose the policy? Did the IT department think it would be a good idea? Is it ...

  • Going to America

    Stuart King - Reed Elsevier 15 Jan 2007
  • Operational risk management today takes me to Dayton, Ohio. I'm there to give a presentation on eProduct risk management as well as to make personal acquaintance with a number of people I usually ...

  • More incident response

    Stuart King - Reed Elsevier 12 Jan 2007
  • Still on the subject of incident response, I was reading this article on the "Seven Steps To Follow When Data Leakage Strikes" as described by Experian's CISO, James Christiansen. I've not met ...

  • Unit testing software

    Stuart King - Reed Elsevier 12 Jan 2007
  • I've been meaning to talk about unit testing software for a while. This is software that can analyse source code on the developer's desktop and identify errors and security vulnerabilities before ...

  • Incident definition and response

    Stuart King - Reed Elsevier 11 Jan 2007
  • Another news story suggesting that a hacker "may have breached" information but that personal information "was not compromised." If you want to read the full story then go here. I'm not sure it's ...

  • Risk assessment software deployment

    Stuart King - Reed Elsevier 10 Jan 2007
  • Today's big challenge has been to deploy a new version of a management tool that we had developed for storing our business unit risk assessment data. It's a big deal because having the information ...

  • It's the developers it?

    Stuart King - Reed Elsevier 09 Jan 2007
  • Some excellently reported statistics here relating to web application vulnerability testing performed by Imperva: One ...