Daily Archives: March 24, 2014

iRisk

iRisk, or the iRisk equation is another quantitative analysis formula. Like most quantitative analysis models, you solve for the risk by calculating the threat and vulnerability, and lower the risk when mitigating or compensating controls are added. Here is where … Continue reading

Posted in Security Blog | Tagged , , , , , , , , , | Comments Off on iRisk

BCJs in an SSAE-16

I looked everywhere for this acronym that I found while processing a Type II SSAE-16. I guessed pretty close, but since someone helped me find it, you may have to google it one day and hopefully you will find that: … Continue reading

Posted in Security Blog | Tagged , , | Comments Off on BCJs in an SSAE-16