Archive for June, 2008
Controlling risk
In a recent article published online at the JFK School of Government at Harvard, Malcolm Sparrow discussed how controlling risk is a central challenge for government regulators charged with reducing societal ills and preventing bad things from happening. Professor Sparrow notes that there does not seem to be a well-established language for risk assessment.
We think it is interesting to analyze the causes of this situation.
The biggest bugs hide in the cracks left by your system integrator
The biggest bugs are hiding in the system integration interfaces your integration team glued on the day before delivery. They go home, you get fired.
Why Excel is a bad choice for a security audit
Excel is easy to use, but you can lose or destroy your data pretty easily. Although risk assessment standards such as ISO 27001 or PCI DSS 1.1 have a one-dimensional, hierarchical structure of controls, you can get into big trouble once you try to link controls to vulnerabilities, assets and threats. The model becomes multi-dimensional, and that is where Excel breaks down quickly and you lose data integrity.
Best practice controls for preventing data loss
This article reviews the main areas for concern for protecting information assets from internal threats and vulnerabilities. It starts with an anecdote from an interview with a senior manager and concludes with a recommendation for implementing an approach to protect data directly (as opposed to commonly-used methods that attempt to protect the network and limit user permissions).
Best practice security controls for IT
One of the most common problems a CIO or VP of information technology has is understanding which security products are the most effective. The cost of evaluating a new security technology can be very high, and often an IT manager will need to decide to implement a particular type of product (for example, two-factor authentication) before she knows whether the product will be effective.