SANS Security Trend Line

Twelve Word Tuesday: Would a CEO Depend on Yearly Audits, Plus Quarterly "Scans," to Determine if the Company was Profitable?

CISOs could learn much from good CFOs about actually doing continuous monitoring.


Twelve Word Tuesday: No Need to Expand the Periodic Table of the Elements to Bake a Tastier Pie

Retail cyber-security advancement requires vast improvements in PCI governance, not DSS bloat.


Ramblings On Risk - Part II

In Part I, I explained why I have always trashed the traditional risk equation of the form Risk = Probability of event * Cost/impact of event. I've pushed an alternative, simplified form of Risk = (Threat * Vulnerability) + Action. Here's where that comes from: I've always been a fan of the Common Vulnerability Scoring …


Twelve Word Tuesday: Pete Seeger Had It Nailed About Security

Any darn fool can make something complex; genius is making something simple. (Pete Seeger died yesterday. His full quote was a bit more verbose: "Any darn fool can make something complex; it takes a genius to make something simple.")


Ramblings on Risk Part I

I recently gave a webinar talk on Security Analytics that included a simplified risk equation I've been showing for years: Risk = (Threat * Vulnerability) + Action. I'll explain that more in a bit. After the webinar I got some Twitter feedback that it was better to stick with the more historical risk equation: Risk …