Risk Management with Stuart King and Duncan Hart:

November, 2007

November 29, 2007  6:03 PM

2007 Data Breach Survey

sking2
data breaches

The Ponemon Institute has concluded this year that "data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006." This data is reported in the document titled "2007 Annual Study: U.S. Cost of a Data Breach" and can be downloaded from the link at the...

November 28, 2007  6:39 PM

Biggest corporate security threats

sking2
Security management

If you were to ask me what I consider the biggest security threats to a large organisation, I would reply that it's two things: third parties and portable devices. We're asking more of both and we're trusting more of our private data to both as well. For instance, we might use third party...

November 28, 2007  2:50 PM

Dangers of third party content

sking2
OWASP, Web security

An excellent presentation from the latest OWASP conference is available on the subject of security around provisioning online third party content. You can download it directly from the conference page linked

November 27, 2007  6:00 PM

200 Today

sking2

This is the 200th entry on this blog! I'm certainly not in any danger of running out of things to talk about. We're in a very dynamic environment where the risk equation must be continually reviewed for each of the bad outcomes that we are concerned about. My prediction for the next 200 blogs?...

November 27, 2007  5:00 AM

Password strength

sking2
2FA, Passwords, SSO

The old debate about password strength has resurfaced. Somebody asked me "how many passwords are really cracked?" It's a good question, and one that I don't have the answer to. Which doesn't really help my cause when I'm pushing policies that enforce strong (i.e. a minimum of 7 characters...

November 26, 2007  6:54 PM

Changing threat environment

sking2
Security management

Nothing focuses the mind more than being asked to prepare an updated report for the board. Can we report that previously reported risks have been reduced? Certainly we can because that's what we're working on day by day. The difficulty comes in putting across the message that the threat environment...

November 25, 2007  9:00 AM

Data breach analysis

sking2
data breaches

I've been looking back at the recent history of data breaches. This resource at http://www.privacyrights.org/ar/DataBreaches2006-Analysis.htm shows that of 126 private sector incidents, 40% were the result of laptop theft,...

November 22, 2007  8:32 AM

HMRC – further comment

sking2

I suspect that the England soccer team losing their vital match against Croatia last night was a pre-planned conspiracy to give us something else to talk about other than the HMRC fiasco/scandal/failure/disaster. Or perhaps the loss can be blamed on the fact that half the team have children and so...

November 21, 2007  8:00 AM

HMRC Data Incident

sking2

An important point has been missed in the news reports regarding the loss of UK child benefit records. That point is that I don’t believe for a minute that this is the first and only time such important data has been treated in this way. If management processes were so poor this time around then...

November 19, 2007  7:38 PM

Virtual Worlds – Where are the rules?

sking2

"A recent virtual meeting of 200 IBMers was held in a recreation of Beijing's Forbidden City, where the avatars of the company's chief scientist, Irving Wladawsky-Berger, and CEO, Sam Palmisano, announced a $100million investment program in innovative technologies, including the business use of...
