All the World’s a Cloud
No, not really. But it could be. Consider, if you will, the five essential characteristics of cloud computing (via SP800-145, as well as the CSA Security Guide): On-demand self-service Broad network...
AuthN TNG: Many Factors, Confidence, and Risk Scoring
Caveat: I’m part of the Security and Risk Management Strategies (SRMS) team, and not part of Identity and Privacy Strategies (IdPS). Also, fair warning… this is an incomplete thought and a bit...
Missing the Point, Over and Over and Over Again
I saw a quaint marketing message from a security vendor recently that made a call for “back to basics.” This is a somewhat intriguing piece of advice to give, considering that the basics aren’t really...
Q4 Challenge: Drop “Risk,” Be More Precise
I’ve decided to try something a little different. Near the beginning of each quarter I’m going to issue a challenge to everyone (colleagues, clients, vendors, etc.) in order to see if we can’t tackle a...
New Research on IT Risk Assessment and Analysis Methods
I’m pleased to announce that our new paper, “Comparing Methodologies for IT Risk Assessment and Analysis,” is now available to Gartner for Technical Professionals subscribers! This research represents...
Fatal Exception Error: The Risk Register
I read this article a few weeks ago and set it aside to revisit. In it, the author states that “Risk management used to be someone else’s job.” and then later concludes that “…in a global business...
Things That Aren’t Risk Assessments
In my ongoing battle against the misuse of the term “risk,” I wanted to spend a little time here pontificating on various activities that ARE NOT “risk assessments.” We all too often hear just about...