Risk Management with Stuart King and Duncan Hart:

December, 2006


December 27, 2006  9:00 AM

What motivates a web site attack

sking2 Profile: sking2
attack, risk, RoA

I hope everyone had/is having a good holiday. My only mishap has been to unwittingly deliver alcohol laced chocolates to my teetotal future inlaws. Fortunately it was taken in good humour and while I'm not sure if my "wash them down with a good Shiraz" jibe was particularly well received I think...

December 23, 2006  9:00 AM

A pre-Christmas Saturday Soapbox

sking2 Profile: sking2
Misc

It's nearly Christmas so I'm going to get my soapbox out again and comment on the news that for the national ID system information "will be held on three existing, separate databases" as reported by the BBC in an article that you can read


December 22, 2006  9:00 AM

Perceptions are the key to mitigating risk

sking2 Profile: sking2
Governance, perception, risk

How are you viewed within your organisation? Is Information Security seen as an automatic invitation to new project meetings and product reviews, or do peers try to avoid discussing things in too much detail with you just in case they mention something that is out of compliance with policy? I've...


December 21, 2006  8:44 AM

It can happen anywhere

sking2 Profile: sking2
Web product security

The issue with the Hamley's website mis-pricing goods (see Computer Weekly 19 Dec) is the sort of embarrassing, costly, and totally avoidable sort of glitch that...


December 20, 2006  10:45 AM

VISA PCI Incentives

sking2 Profile: sking2
Compliance, PCI, visa

A new VISA incentive program for payment providers (i.e. "acquiring financial institutions") caught my interest. You can read an article about it here. The essential...


December 19, 2006  8:12 AM

More on risk assessment

sking2 Profile: sking2
Risk assessment

A great example came up today of exactly what I was talking about in yesterdays blog. Some-one raised an issue with regards to our corporate Intranet and the fact that after performing a...


December 18, 2006  8:05 AM

Real world risk assessment – don’t forget to consider costs

sking2 Profile: sking2
MBA, risk

There is risk attached to everything that we do. In most everyday situations we attach a value to risk using instinct and judgement based on experience. In business we need to be more precise: we can make judgments based on instinct but when there are the interests of customers and bottom line...


December 16, 2006  1:30 PM

Saturday Soapbox

sking2 Profile: sking2
Security management

Cryptogram is a monthly newsletter produced by security guru Bruce Schneier. I have a lot of respect for Bruce's writings, and he's been an influence on my own security views. Anyway, this isn't supposed to be testimonial to the work of...


December 15, 2006  7:00 PM

Safeguarding data – it’s all in the process

sking2 Profile: sking2
Compliance, Risk assessment

David Lacy mentions in his latest blog that our ability to safeguard data depends upon "sensible application of well-established security technologies." I am in complete agreement...


December 12, 2006  8:00 PM

Regulatory Compliance – we need more detail

sking2 Profile: sking2
Compliance, HIPPA, legislation, PCI, risk, SOX

I sat in a presentation recently where the words "regulatory compliance" were used no less than 27 times across 45 PowerPoint slides. I've even found myself using the term in meetings more times than should be legally allowed, and rarely a day passes where "regulatory compliance" is not written...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: