Good afternoon everyone! Hope your Patch Tuesday is going well.
Here are some of today’s interesting InfoSec postings.
Patch Tuesday
1 – Microsoft Security Bulletin for August 11th
The Twitter DDOS continues to raise security issues.
2 – Twitter breach revives cloud security fears
“Yes Virginia there is a Mac virus.”
3 – Mac Users Should Avoid MacCinema Installer
CISCO has posted its August 3-9 Cyber Risk Report. This report covers risks including vulnerabilities, physical and legal issues as well as trust areas. The report also includes a listing of some upcoming Security Events.
An Introduction to Factor Analysis of Information Risk (FAIR) by Jack A. Jones, CISSP, CISM, CISA is an excellent paper on understanding, analyzing and measuring risk. The basis of the paper is formed around the idea that Security Professionals need to have a common taxonomy, or classification for the ideas used in evaluating risk.
“Ask a dozen information security professionals to define risk and you’re certain to get several different answers. Pick up any information security book and you’re likely to find that the author has used the terms risk, threat, and vulnerability interchangeably (they aren’t the same thing). The simple fact is that our profession hasn’t adopted a standard lexicon or taxonomy.”
The author is very much aware that the paper represents a paradigm shift that will increase awareness and begin some needed discussions within our profession concerning the process of evaluating risk. It is well worth the read and discussion.
