SANS Security Trend Line

Ramblings On Risk - Part II

In Part I, I explained why I have always trashed the traditional risk equation of the form Risk = Probability of event * Cost/impact of event. I've pushed an alternative, simplified form of Risk = (Threat * Vulnerability) + Action. Here's where that comes from: I've always been a fan of the Common Vulnerability Scoring …


Twelve Word Tuesday: Pete Seeger Had It Nailed About Security

Any darn fool can make something complex; genius is making something simple. (Pete Seeger died yesterday. His full quote was a bit more verbose: "Any darn fool can make something complex; it takes a genius to make something simple.")


Ramblings on Risk Part I

I recently gave a webinar talk on Security Analytics that included a simplified risk equation I've been showing for years: Risk = (Threat * Vulnerability) + Action. I'll explain that more in a bit. After the webinar I got some Twitter feedback that it was better to stick with the more historical risk equation: Risk …


Twelve Word Tuesday: Look for the Fair Trade Label on Your Next Cup of Software

Fair-trade coffee buying assures sustainable farming - where's fair-trade software for secure development?


Twelve Word Tuesday: If Your Name is Target, You Probably Should Realize You Are One

Brick and mortar retailers have way more data breach incidents than e-tailers.