Risk Management with Stuart King and Duncan Hart

February 2007

  • Desktop AV - is Vista enough?

    Stuart King - Reed Elsevier 28 Feb 2007
  • Do the anti-malware controls built into Windows Vista mean that we can begin to think about reducing the amount we spend on third party desktop AV products? Discuss! I'm sitting on the fence on ...

  • Risk appraisal and acceptance process

    Stuart King - Reed Elsevier 26 Feb 2007
  • Today I've been trying to participate in a meeting where everyone except me is sitting in a building in Orlando. Unfortunately, for various reasons I wasn't able to travel over this week so it's a ...

  • Compliance and risk

    Stuart King - Reed Elsevier 26 Feb 2007
  • I've been reading a good, common-sense, article entitled "Compliance Optimization: Defining The Right Level Of Control" written by Michael Rasmussen and published by Forrester. Michael states that ...

  • OWASP Testing Guide v2

    Stuart King - Reed Elsevier 23 Feb 2007
  • I recommend that all of you involved in product development take note that OWASP have released v2 of the application testing guide. It's an excellent, detailed, easy to follow reference.

  • Scope of Information Security

    Stuart King - Reed Elsevier 22 Feb 2007
  • There's an interesting article in the latest edition of Computers & Security Journal entitled "Information Lifecycle Security Risk Assessment: A tool for closing security gaps" by Ray Bernard. ...

  • Man on train displays password

    Stuart King - Reed Elsevier 22 Feb 2007
  • Sitting next to me on the train yesterday was an employee of a large telecoms company. I know this from the ID badge he was wearing and the asset tag on his laptop. On the lid of his laptop was a ...

  • Importance of process

    Stuart King - Reed Elsevier 21 Feb 2007
  • About 10 years ago I began a short contract working as a programmer for a bank. On beginning the role, my very first task was to read the programming standards manual. This was a custom written 400 ...

  • Marketing security

    Stuart King - Reed Elsevier 20 Feb 2007
  • The comment left on my previous entry led me to an excellent blog at http://www.emergentchaos.com/. One of the contributors to that blog, Arthur, makes an interesting and very true point: "security ...

  • Threat modelling and risk ownership

    Stuart King - Reed Elsevier 19 Feb 2007
  • I've spent a fair amount of time over the past year or so looking at threat modelling as it applies to the product space. Threat modelling is a time consuming process but it's an invaluable tool in ...

  • Colour blind

    Stuart King - Reed Elsevier 18 Feb 2007
  • Sometimes the simplest things can make a difference. I was speaking to a group of Dutch product managers a few days ago, walking through a risk assessment process. The most important parts of the ...

  • Two factor authentication and PayPal

    Stuart King - Reed Elsevier 15 Feb 2007
  • Has PayPal's introduction of a security token improved security (read the news item) and is this a lead to be following? Personally I believe that it is a positive move in the right direction. ...

  • Zero day attacks

    Stuart King - Reed Elsevier 12 Feb 2007
  • A couple of years ago, I, along with the team I worked with, assessed zero-day malware as potentially the biggest risk faced by our business. In fact I wrote up a white paper based on research I ...

  • DWP pension letter mix-up

    Stuart King - Reed Elsevier 10 Feb 2007
  • Today in the news we see another example of a government department playing rough-shod over private data. You'll recall that last week we had the story about smart-cards being shared. Today we're ...

  • Portable wireless hacking device

    Stuart King - Reed Elsevier 09 Feb 2007
  • Did you see this gadget, on show at the RSA Security Conference? It's "a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, ...

  • Risk Assessment Process

    Stuart King - Reed Elsevier 08 Feb 2007
  • Somebody asked me if I'd put a bit more detail around some of the high level topics I cover in this blog. So I thought I'd talk a bit about the risk assessment processes that I follow. There are a ...