Risk Management with Stuart King and Duncan Hart:

February, 2007


February 28, 2007  5:00 AM

Desktop AV – is Vista enough?

sking2 Profile: sking2
anti-malware, vista

Do the anti-malware controls built into Windows Vista mean that we can begin to think about reducing the amount we spend on third party desktop AV products? Discuss! I'm sitting on the fence on this issue - so far. On the one hand there are opinions of the sort being aired on

February 27, 2007  12:01 AM

Risk appraisal and acceptance process

sking2 Profile: sking2
Risk assessment

Today I've been trying to participate in a meeting where everyone except me is sitting in a building in Orlando. Unfortunately, for various reasons I wasn't able to travel over this week so it's a case of straining to join in the discussion in the right place over the telephone and make the right...


February 26, 2007  7:30 AM

Compliance and risk

sking2 Profile: sking2
Security management

I've been reading a good, common-sense article entitled "Compliance Optimization: Defining The Right Level Of Control" written by Michael Rasmussen and published by Forrester. Michael states that we should take "a...


February 23, 2007  5:56 PM

OWASP Testing Guide v2

sking2 Profile: sking2
OWASP, Web security

I recommend that all of you involved in product development take note that OWASP have released v2 of the application testing guide. It's an excellent, detailed, easy to follow reference.


February 22, 2007  9:00 PM

Scope of Information Security

sking2 Profile: sking2
iso27001, Risk assessment

There's an interesting article in the latest edition of Computers & Security Journal entitled "Information Lifecycle Security Risk Assessment: A tool for closing security gaps" by Ray...


February 22, 2007  7:28 AM

Man on train displays password

sking2 Profile: sking2
security awareness

Sitting next to me on the train yesterday was an employee of a large telecoms company. I know this from the ID badge he was wearing and the asset tag on his laptop. On the lid of his laptop was a yellow post-it on which was scribbled his userid and password. Yes - it really does happen! Ironically...


February 21, 2007  7:00 PM

Importance of process

sking2 Profile: sking2
SDLC

About 10 years ago I began a short contract working as a programmer for a bank. On beginning the role, my very first task was to read the programming standards manual. This was a custom-written 400-page folder describing every allowable way of writing code, such as how to lay out loops and variable...


February 20, 2007  7:47 AM

Marketing security

sking2 Profile: sking2
Security management

The comment left on my previous entry led me to an excellent blog at http://www.emergentchaos.com/. One of the contributors to that blog, Arthur, makes an interesting...



February 19, 2007  8:30 PM

Threat modelling and risk ownership

sking2 Profile: sking2

I've spent a fair amount of time over the past year or so looking at threat modelling as it applies to the product space. Threat modelling is a time consuming process but it's an invaluable tool in helping us to manage risk and understand threats that are relevant to a specific system. The best...


February 18, 2007  11:24 AM

Colour blind

sking2 Profile: sking2
Security management

Sometimes the simplest things can make a difference. I was speaking to a group of Dutch product managers a few days ago, walking through a risk assessment process. The most important parts of the process are marked in green, as they have been for the past five years or so. One of those present...

