Risk Management with Stuart King and Duncan Hart:

January, 2007


January 31, 2007  7:30 AM

More on the smartcard story – a solution

sking2 Profile: sking2
Access, accountability, Authentication, Risk mitigation, Smartcards

Having slated an NHS Trust in my blog yesterday for its misuse of smartcards, I was wondering how I would resolve the problem if it were up to me to manage the situation. Let's review the problem: fast access to records is required; however, the system doesn't allow system users to gain access as...

January 30, 2007  4:02 PM

Smartcard sharing

sking2 Profile: sking2
Security management

I know that this isn't supposed to be a blog for passing comment on the news and that you are all reading this because of my detailed expose of everyday life at the sharp end of risk management. However, I saw


January 30, 2007  8:09 AM

Outsourced challenges

sking2 Profile: sking2
Security management

My blog has been unattended for a couple of days as I returned from some overseas travels and have been playing catch-up on home and work life. One of the subjects that came up whilst away was offshore vendor security. Offshore vendors are used for an ever increasing variety of work. One of my...


January 24, 2007  2:01 PM

Assessing data handling

sking2 Profile: sking2
Security management

The current challenge is to put together a new security assessment questionnaire focused on data handling. I'm working on this with one of my American colleagues, and predictably we've both come to the floor with different views on what questions need to be asked. This isn't detrimental though as...


January 24, 2007  8:02 AM

Downside of vulnerability testing

sking2 Profile: sking2
budget

Few will argue that vulnerability testing is not an important part of the online product lifecycle but I was caught slightly unawares by this question in a recent meeting: if we test a product, and identify vulnerabilities how do we get the resources and budget to resolve the issues within an...


January 23, 2007  1:55 AM

Levels of detail

sking2 Profile: sking2
Authentication, CAS

What makes for a good security blog? I was reading a comment from a well respected industry name who states that much of the content on the web is either "technical and often incorrect" or of "no practical use to most of the business world who all use a computer on a daily basis." See


January 22, 2007  12:43 PM

Risk perceptions and historical data

sking2 Profile: sking2
risk

A couple of years ago a UK town council banned hanging flower baskets from public display because of the theoretical risk that they might fall down and hit someone on the head. You can read the story here. I wonder if this...


January 19, 2007  8:30 AM

Compliance, change control, and firewalls

sking2 Profile: sking2
Compliance, PCI, SDLC

What exactly does "compliance" mean? If I'm reviewing a product and conclude that it is compliant against some particular policy or regulation then what that really means is that it is compliant at that particular moment in time. This is a point well made on the


January 17, 2007  9:20 AM

Web site password policy

sking2 Profile: sking2
Authentication, credentials, Passwords

What's your website's password policy? 5 characters? 6 characters including upper/lower case and numbers? How did you choose the policy? Did the IT department think it would be a good idea? Is it based on requirements set by Information Security? This single subject alone fills up more of my inbox...


January 15, 2007  9:30 AM

Going to America

sking2 Profile: sking2
Misc

Operational risk management today takes me to Dayton, Ohio. I'm there to give a presentation on eProduct risk management as well as to make personal acquaintance with a number of people I usually only correspond with via email. The last couple of days have been mostly taken up with sorting out the...

