ossie-group.org
A Techie’s Musings
http://ossie-group.org/blog
A Techie’s Musings. A blog by one aspiring Information Security thought leader. Choosing the Risk Framework with the Best Fit. February 20th, 2012. The following are some initial thoughts on that initial selection process as part of building a program from scratch, but making the best use of what is out there knowing it isn’t even close to perfect: Match the company culture / industry. Map to business’ strategic objectives. Articulate the organization’s risk tolerance. If this topic interests you, yo...
thesidechannel.org
thesidechannel: A Simple Rationale for Risk Management (slight reverb)
http://www.thesidechannel.org/2008/09/simple-rationale-risk-management-slight.html
Wednesday, September 10, 2008. A Simple Rationale for Risk Management (slight reverb). Please read A Simple Rationale: Risk Management (and IT Security). So, IT Security is what happens when we successfully manage our risks. Plain and simple. That doesn't mean that predicting the world itself is plain or simple, just that if we can figure out how to manage our risks effectively, guessing wrong hurts a whole lot less. Ever heard of that guy that's always the first one out of the plane? I don't know about ...
thesidechannel.org
thesidechannel: Efficient Charity
http://www.thesidechannel.org/2013/05/efficient-charity.html
Monday, May 13, 2013. You should put more padding where it hurts the most to get hit, especially if you're short on padding. How many of us take the same approach when giving to charity? I found this blog posting recently, and it struck me in a powerful way: http://lesswrong.com/lw/3gj/efficient_charity_do_unto_others/. Posted by Chris Healey.
thesidechannel.org
thesidechannel: August 2008
http://www.thesidechannel.org/2008_08_01_archive.html
Friday, August 29, 2008. Penetration Testing: How to Find Unexpected Value. Once they stop the bleeding. And then they realize that they're covered by the latest flavor of regulation. Suddenly, the downside risk of not properly addressing the myriad of issues faced is given a clear and present value; one for which they'd rather not find themselves on the receiving end. But you can't usually walk into situation X and talk your way into a strategic consulting engagement. And if you could, you're either...
thesidechannel.org
thesidechannel: A Simple Rationale for Risk Management (and IT Security)
http://www.thesidechannel.org/2008/09/simple-rationale-risk-management-and-it.html
Wednesday, September 10, 2008. A Simple Rationale for Risk Management (and IT Security). What the heck is this thing we call "IT security"? I've been in IT and information security for over 12 years, and nobody has ever really convinced me that they have actually achieved a clear and focused viewpoint. Some come very, very close. Most omit something of key relevance. Well, maybe asking about security wasn't the best core question after all. I have a better one: What is doing business, really? So, what t...
thesidechannel.org
thesidechannel: First field report from the Remote Wireless Survey
http://www.thesidechannel.org/2009/08/first-field-report-from-remote-wireless.html
Saturday, August 29, 2009. First field report from the Remote Wireless Survey. No rogue wireless access points detected. Posted by Chris Healey.
thesidechannel.org
thesidechannel: August 2009
http://www.thesidechannel.org/2009_08_01_archive.html
Sunday, August 30, 2009. Painting a cloud on the basement wall with XenServer! OK, I finally got sick of juggling random PCs around, and I never have my custom VMs around exactly where I need one. So I built this in my basement. Not done yet. Dual WRT54Gs running Kamikaze, one with a live radio, the other set up to route every port as a separate untagged VLAN (custom iptables script to support full rule mesh on each interface, i.e. all cross-com between internal nets vetted). Posted by Chris Healey.
thesidechannel.org
thesidechannel: May 2013
http://www.thesidechannel.org/2013_05_01_archive.html
Monday, May 13, 2013. You should put more padding where it hurts the most to get hit, especially if you're short on padding. How many of us take the same approach when giving to charity? I found this blog posting recently, and it struck me in a powerful way: http://lesswrong.com/lw/3gj/efficient_charity_do_unto_others/. Posted by Chris Healey.
thesidechannel.org
thesidechannel: RE: "It’s Only a Model"
http://www.thesidechannel.org/2008/09/re-its-only-model.html
Monday, September 29, 2008. RE: "It’s Only a Model". In response to "It's Only a Model" at A Techie's Musings. I tend to think of “positive-security” as a design principle, but almost always actually speak of it as a “positive-security model”, since it is usually applied in the context of a functional system. But let’s not get bogged down in semantics :). It amounts to an excellent way to avoid wasting resources and converge on desired results. Posted by Chris Healey.