Risk Management with Stuart King and Duncan Hart:

November, 2006

November 30, 2006  7:00 PM

Microsoft and Vista

sking2 Profile: sking2
BitLocker, fxcop, Microsoft, vista

I like Microsoft. There you go, cards on the table. Let me be more specific: I think that the Trustworthy Computing initiative is simply the most important and valuable security resource that Microsoft have invested energies in over the...

November 29, 2006  8:30 PM

Campaign for clear talking

perception, risk

Much of today was spent leading a workshop session for product management people on the subject of security and risk. The session went well and one particular point of feedback resonated: it was commented upon that the perception prior to the workshop was that it would be a day full of technical...

November 28, 2006  9:44 AM

More on metrics

Metrics, risk

I was reading David Lacey's latest blog entry with some interest. One of the challenges I'm currently faced with is to present an achievable and realistic set of objectives against which my...

November 27, 2006  9:12 PM

Process and Security

Microsoft, OWASP, SDLC, SQL injection

More evidence presented itself today in support of my message that there is a demonstrable correlation between the security status of web products where development follows a formal process and those where development is ad hoc and "messy". Last week I read a report from Gartner entitled...

November 26, 2006  8:00 PM

Security Certifications

Security management

A couple of days ago I encountered a person whose business card made reference to no less than 5 different information security related certifications. Should I be impressed? The answer is simple: yes I am! Let me explain. We seem to be very hasty to pour scorn onto fellow professionals who flaunt...

November 24, 2006  10:51 AM

Financial impact of security incidents

Data breach, incidents, ponemon, risk, Risk assessment

I've been doing a lot of research into the actual and potential impact on a business of various types of security incident and trying to work out how the various statistical models and other data might fit into my own organisation. It's no easy task because information security incident reporting...

November 23, 2006  10:21 AM

Happy Thanksgiving (and more on vulnerability scanners)

Compliance, PCI, SOX

Happy Thanksgiving Day! Many of my colleagues are American and so today should be a quiet one on the email front - although you can bet there will always be at least one of them sneaking a message out on the BlackBerry whilst on a trip into the garage to get some more beer. I mentioned a couple of...

November 22, 2006  3:45 PM

Application Firewalls

Compliance, Technology

I was re-reading the VISA CISP data security standards documentation and reminding myself firstly, of what an enjoyable read this is, and secondly of some of the recent new clauses put in to entertain us. Clause 6.6 (on page 8 of the document)...

November 21, 2006  3:55 PM


Web product security

I want to take the opportunity to pay tribute to the work of the Open Web Application Security Project - OWASP. This project has now grown into an incredible wealth of online resources with a single minded focus on improving web product security. The OWASP Guide...

November 20, 2006  6:29 PM

Vulnerability Scanners

Web product security

I took a call from a vendor inviting me to test the latest version of some web product vulnerability testing software. I've recently been quite outspoken in my dislike for automated testing tools (see here and
