Risk Management with Stuart King and Duncan Hart
February 2007

Desktop AV - is Vista enough?
Reed Elsevier 28 Feb 2007
Do the anti-malware controls built into Windows Vista mean that we can begin to think about reducing the amount we spend on third party desktop AV products? Discuss! I'm sitting on the fence on ...

Risk appraisal and acceptance process
Reed Elsevier 26 Feb 2007
Today I've been trying to participate in a meeting where everyone except me is sitting in a building in Orlando. Unfortunately, for various reasons I wasn't able to travel over this week so it's a ...

Compliance and risk
Reed Elsevier 26 Feb 2007
I've been reading a good, common-sense article entitled "Compliance Optimization: Defining The Right Level Of Control" written by Michael Rasmussen and published by Forrester. Michael states that ...

OWASP Testing Guide v2
Reed Elsevier 23 Feb 2007
I recommend that all of you involved in product development take note that OWASP have released v2 of the application testing guide. It's an excellent, detailed, easy to follow reference.

Scope of Information Security
Reed Elsevier 22 Feb 2007
There's an interesting article in the latest edition of Computers & Security Journal entitled "Information Lifecycle Security Risk Assessment: A tool for closing security gaps" by Ray Bernard. ...

Man on train displays password
Reed Elsevier 22 Feb 2007
Sitting next to me on the train yesterday was an employee of a large telecoms company. I know this from the ID badge he was wearing and the asset tag on his laptop. On the lid of his laptop was a ...

Importance of process
Reed Elsevier 21 Feb 2007
About 10 years ago I began a short contract working as a programmer for a bank. On beginning the role, my very first task was to read the programming standards manual. This was a custom written 400 ...

Marketing security
Reed Elsevier 20 Feb 2007
The comment left on my previous entry led me to an excellent blog at http://www.emergentchaos.com/. One of the contributors to that blog, Arthur, makes an interesting and very true point: "security ...

Threat modelling and risk ownership
Reed Elsevier 19 Feb 2007
I've spent a fair amount of time over the past year or so looking at threat modelling as it applies to the product space. Threat modelling is a time consuming process but it's an invaluable tool in ...

Colour blind
Reed Elsevier 18 Feb 2007
Sometimes the simplest things can make a difference. I was speaking to a group of Dutch product managers a few days ago, walking through a risk assessment process. The most important parts of the ...

Two factor authentication and PayPal
Reed Elsevier 15 Feb 2007
Has PayPal's introduction of a security token improved security (read the news item) and is this a lead to be following? Personally I believe that it is a positive move in the right direction. ...

Zero day attacks
Reed Elsevier 12 Feb 2007
A couple of years ago, I, along with the team I worked with, assessed zero-day malware as potentially the biggest risk faced by our business. In fact I wrote up a white paper based on research I ...

DWP pension letter mix-up
Reed Elsevier 10 Feb 2007
Today in the news we see another example of a government department playing rough-shod over private data. You'll recall that last week we had the story about smart-cards being shared. Today we're ...

Portable wireless hacking device
Reed Elsevier 09 Feb 2007
Did you see this gadget, on show at the RSA Security Conference? It's "a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, ...

Risk Assessment Process
Reed Elsevier 08 Feb 2007
Somebody asked me if I'd put a bit more detail around some of the high level topics I cover in this blog. So I thought I'd talk a bit about the risk assessment processes that I follow. There are a ...