Category Archives: Risk Management
RAND has published an interesting report on the cybersecurity black market. This report, “Markets for Cybercrime Tools and Stolen Data”, was sponsored by Juniper (direct link to pdf). This report is good reading for any security professional, worth to … Continue reading
The Global State of Information Security Survey by PwC is interesting reading. It contains several questions and answers from various fields of industry. Definitely worth a look.
VTT (Technical Research Centre of Finland) is coordinating a risk management forum via the PK-RH web site. The forum is shared by many stakeholder organizations. On the PK-RH main page, the Risk Management Toolkit is introduced. The toolkit contains various tools: Booklets: … Continue reading
There are different vocabularies for Information Security. One good reference for Risk Management is the ISO Guide 73 from 2009. For Information Security, one should look at ISO 27000 from 2009. Unfortunately these standards are not free. For free vocabulary, it is … Continue reading
There exist several Risk Assessment methods in addition to the related ISO standards. This one from the UK government also contains a worked example. It is worth a quick look. Document “HMG IA Standard No.1 – Technical Risk Assessment – … Continue reading
DBIR is a must-view for anyone working in information security. The 2011 report is available here.