Tag Archives: risk analysis
Interactive VCDB
If you are new to the VCDB (Vocabulary for Event Recording and Incident Sharing Community Database), you are in for a treat. It’s a nice interface to gather information on incidents.
Posted in Security Blog
Tagged 2014, information security, risk analysis, Security Awareness
Mid-year 2014 Data Breaches Exposed
2014 is going to replace 2013 as the highest year on record for exposed records, according to Risk Based Security. Mid-year 2014 at a Glance … • There were 1331 incidents reported during the first six months of 2014 exposing …
Posted in Security Blog
Tagged 2014, breach, breach report, breaches, computer security, credit card, fraud, hacked, hacking, incidents, records, risk, risk analysis, risk management, security, Security Awareness
PRINCE2 Risk Management
22 minutes of your time and you will learn PRINCE2 Risk Management.
Posted in Security Blog
Tagged 2014, likelihood, probability, risk, risk analysis, risk author, risk category, risk management, risk response
The Ponemon Institute’s Data Breach Study
In my opinion, the Ponemon Institute’s Cost of Data Breach Study is eye-opening. If you use a GRC tool that associates dollar amount loss per record, you should probably read this report and make the necessary changes. Increasing the cost …
Posted in Security Blog
Tagged 2014, breach, ponemon, quantitative, risk, risk analysis, study, values
iRisk
iRisk, or the iRisk equation, is another quantitative analysis formula. Like most quantitative analysis models, you solve for the risk by calculating the threat and vulnerability, and lower the risk when mitigating or compensating controls are added. Here is where …
Posted in Security Blog
Tagged 2014, fair, irisk, ISO 27001, ISO 27005, NIST 800-39, NIST 800-53, octave, quantitative, risk analysis
What’s the Risk?
When asked, what’s the risk? I find great pleasure in flexing my ability to break down potential loss in either qualitative or quantitative methods. The FAIR Quantitative Risk Model was taught to me by Jack Jones, the creator. I also …
Posted in Security Blog
Tagged 2014, analysis, basel categories, example, fair, isra, qualitative, quantitative, risk analysis
Bruce Schneier: The Security Mirage
My CISO brought this up today, so I’m posting it to watch it.
Posted in Security Blog
Tagged 2014, Bruce Schneier, risk, risk analysis, security, ted, TEDxPSU
Facilitated Risk Analysis Process (FRAP)
Though I prefer a quantitative risk analysis, such as Factor Analysis of Information Risk (FAIR), sometimes a quicker method, such as the Facilitated Risk Analysis Process (FRAP), a qualitative method, is needed. Qualitative methods are much quicker, they don’t require …
Posted in Security Blog
Tagged 2014, fair, frap, Jack Jones, qualitative, risk analysis