Archive for the ‘Risk Management’ Category

InfoSec Compendium: August 19th

Wednesday, August 19th, 2009

Good morning, everyone. Sorry I have not posted in the past few days, but real life has been calling. Today's post is a short list of interesting InfoSec posts and blogs. Have a great day!

1 – The Goal of Security

2 – 10 Digits that will change privacy as we know it

3 – 8 Dirty Secrets of IT Security Industry

CISCO Risk Report Aug 3-9

Tuesday, August 11th, 2009

CISCO has posted its Cyber Risk Report for August 3-9. The report covers risks in several areas, including vulnerabilities, physical and legal issues, and trust, and closes with a list of upcoming security events.

CISCO Risk Report

An Introduction to Factor Analysis of Information Risk (FAIR)

Saturday, August 1st, 2009

An Introduction to Factor Analysis of Information Risk (FAIR) by Jack A. Jones, CISSP, CISM, CISA is an excellent paper on understanding, analyzing and measuring risk. The paper is built around the idea that security professionals need a common taxonomy, that is, a shared classification of the concepts used in evaluating risk.

Ask a dozen information security professionals to define risk and you’re certain to get several different answers. Pick up any information security book and you’re likely to find that the author has used the terms risk, threat, and vulnerability interchangeably (they aren’t the same thing). The simple fact is that our profession hasn’t adopted a standard lexicon or taxonomy.

The author is well aware that the paper represents a paradigm shift, one that should raise awareness and start some needed discussion within our profession about how we evaluate risk. It is well worth reading and discussing.

Introduction to FAIR
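To make the point about a shared taxonomy concrete, here is a small added illustration (my own, not code from the post above or from Jones's paper) that keeps threat, vulnerability and risk as three distinct quantities instead of one interchangeable word. It uses only FAIR's top-level factors as the paper defines them: risk derives from Loss Event Frequency (LEF) and Probable Loss Magnitude (PLM), and LEF derives from Threat Event Frequency (TEF) and Vulnerability, the probability that a threat event becomes a loss event. The triangular distributions, the sample ranges and the scenario name are my own assumptions for the example, not values from the paper.

```python
"""Minimal FAIR-style risk estimate: threat, vulnerability and risk kept separate.

Added example, not from the original post or from the FAIR paper.
Top-level FAIR factors used (as the paper defines them):
  Risk  <- LEF (loss events / year) and PLM (loss per event)
  LEF   <- TEF (threat events / year) x Vulnerability (P[threat event -> loss event])
Everything else here (distribution choice, ranges, scenario) is an assumption.
"""
import random
import statistics


def loss_event_frequency(tef: float, vuln: float) -> float:
    """LEF: threat events per year times the probability each becomes a loss event.

    'Vulnerability' is a probability in FAIR, so reject anything outside [0, 1];
    this is the kind of mistake a loose vocabulary lets through silently.
    """
    if tef < 0:
        raise ValueError("TEF must be non-negative")
    if not 0.0 <= vuln <= 1.0:
        raise ValueError("vulnerability is a probability and must lie in [0, 1]")
    return tef * vuln


def annualized_loss(tef: float, vuln: float, plm: float) -> float:
    """Point estimate of annualized loss: LEF x PLM."""
    if plm < 0:
        raise ValueError("PLM must be non-negative")
    return loss_event_frequency(tef, vuln) * plm


def simulate(tef_range, vuln_range, plm_range, trials: int = 10_000, seed: int = 1) -> dict:
    """Monte Carlo over (min, most likely, max) ranges for each factor.

    Assumption: each factor is drawn from a triangular distribution. random.triangular
    takes (low, high, mode), so the 'most likely' value is passed as the mode.
    Returns summary statistics of annualized loss across the trials.
    """
    rng = random.Random(seed)  # fixed seed so the result is reproducible
    losses = []
    for _ in range(trials):
        tef = rng.triangular(tef_range[0], tef_range[2], tef_range[1])
        vuln = rng.triangular(vuln_range[0], vuln_range[2], vuln_range[1])
        plm = rng.triangular(plm_range[0], plm_range[2], plm_range[1])
        losses.append(annualized_loss(tef, vuln, plm))
    losses.sort()
    return {
        "mean": statistics.fmean(losses),
        "median": statistics.median(losses),
        "p90": losses[int(0.9 * (trials - 1))],  # 90th percentile by rank
        "max": losses[-1],
    }


# Constructed scenario (assumed numbers, not from the paper): an external actor
# probing an internet-facing service a few times a year, controls that stop most
# attempts, and a moderate loss when one gets through.
SCENARIO = {
    "tef_range": (2.0, 10.0, 30.0),        # threat events per year: min, most likely, max
    "vuln_range": (0.05, 0.20, 0.50),      # probability a threat event becomes a loss event
    "plm_range": (1_000.0, 5_000.0, 20_000.0),  # loss per event, in currency units
}

if __name__ == "__main__":
    point = annualized_loss(10.0, 0.20, 5_000.0)
    print(f"point estimate: LEF = {loss_event_frequency(10.0, 0.20):.2f}/yr, "
          f"annualized loss = {point:,.0f}")
    summary = simulate(**SCENARIO)
    for key, value in summary.items():
        print(f"{key:>6}: {value:,.0f}")
```

The point of the separation is practical: a "threat" (TEF) going up does not change "vulnerability" (the probability a control fails), and neither one alone is "risk"; only their product with loss magnitude is. Keeping those as distinct inputs, with the probability range-checked, is what the common taxonomy the paper argues for buys you when two people on the same team compare numbers.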