Risk Management with Stuart King and Duncan Hart

November 2007

  • 2007 Data Breach Survey

    Stuart King - Reed Elsevier 29 Nov 2007
  • The Ponemon Institute has concluded this year that "data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006." This data is reported in the ...

  • Biggest corporate security threats

    Stuart King - Reed Elsevier 28 Nov 2007
  • If you were to ask me what I consider to be the biggest security threats to a large organisation, then I would reply that it's two things: third parties and portable devices. We're asking more of ...

  • Dangers of third party content

    Stuart King - Reed Elsevier 28 Nov 2007
  • An excellent presentation from the latest OWASP conference is available on the subject of security around provisioning online third party content. You can download it directly from the conference ...

  • 200 Today

    Stuart King - Reed Elsevier 27 Nov 2007
  • This is the 200th entry on this blog! I'm certainly not in any danger of running out of things to talk about. We're in a very dynamic environment where the risk equation must be continually ...

  • Password strength

    Stuart King - Reed Elsevier 27 Nov 2007
  • The old debate about password strength has resurfaced. Somebody asked me "how many passwords are really cracked?" It's a good question, and one that I don't have the answer to. Which doesn't really ...

  • Changing threat environment

    Stuart King - Reed Elsevier 26 Nov 2007
  • Nothing focuses the mind more than being asked to prepare an updated report for the board. Can we report that previously reported risks have been reduced? Certainly we can because that's what we're ...

  • Data breach analysis

    Stuart King - Reed Elsevier 25 Nov 2007
  • I've been looking back at the recent history of data breaches. This resource at http://www.privacyrights.org/ar/DataBreaches2006-Analysis.htm shows that of 126 private sector incidents, 40% were ...

  • HMRC - further comment

    Stuart King - Reed Elsevier 22 Nov 2007
  • I suspect that the England soccer team losing their vital match against Croatia last night was a pre-planned conspiracy to give us something else to talk about other than the HMRC ...

  • HMRC Data Incident

    Stuart King - Reed Elsevier 21 Nov 2007
  • We have no option but to consider the data compromised. As such, every individual whose details were on those disks must be notified of the potential consequences and given the tools they need to ...

  • Virtual Worlds - Where are the rules?

    Stuart King - Reed Elsevier 19 Nov 2007
  • "A recent virtual meeting of 200 IBMers was held in a recreation of Beijing's Forbidden City, where the avatars of the company's chief scientist, Irving Wladawsky-Berger, and CEO, Sam Palmisano, ...

  • The purpose of security metrics

    Stuart King - Reed Elsevier 18 Nov 2007
  • I must admit that I am still struggling with metrics. One problem is the gap between what I believe are useful statistics to be gathering and what's useful information for management. Another is ...

  • Spam is still a threat

    Stuart King - Reed Elsevier 17 Nov 2007
  • We don't seem to talk about spam much anymore. Services such as Postini and products like SurfControl have more or less removed spam from the corporate Inbox. While these products are generally ...

  • Database Security - Facts are stubborn things, but statistics are more pliable

    Stuart King - Reed Elsevier 15 Nov 2007
  • Quite how David Litchfield of NGS Software can survey a million IP addresses, find 200 vulnerable databases, and then conclude that this means there are half a million others similarly vulnerable ...

  • Psychology & Security

    Stuart King - Reed Elsevier 14 Nov 2007
  • I'm not a conspiracy theorist. Neither am I religious or superstitious, nor do I believe in horoscopes, flying saucers, or any other fantasy "spiritual" mumbo jumbo. That doesn't mean I'm not ...

  • Database Log Management Paper

    Stuart King - Reed Elsevier 14 Nov 2007
  • Anton Chuvakin has published a good paper on Database Log Management. You can download it for free here: http://www.infosecwriters.com/text_resources/pdf/AChuvakin_DB_Logging.pdf.