Skip to content
  • About
  • Resilience
  • Analytics
  • Architecture
  • Testing
  • Management
  • Risk
  • Other
A black swan

Black Swan Security

A blog about cybersecurity.

Author: Phil

February 21, 2021February 21, 2021 Phil

Managing Identity Consciously

Architecture, Management, Security

I had cause recently to participate in a workshop considering identity across an enterprise and I wanted to share some of my thinking which was unexpectedly useful. Identity is a slippery thing, it has real world hooks but in the digital world it can be many-faceted and complex. Both real…

Read More
January 30, 2021January 30, 2021 Phil

Why I don’t like PIGs in Security Risk

Management, Risk, Security

Probability times Impact Graphs (PIGs), sometimes called a risk matrix, are endemic in security risk assessment and management. They were adopted decades ago and embedded within standards and practices. They’re still there and extensively used across the discipline despite the academic work since they were introduced which has shown that…

Read More
August 31, 2020August 31, 2020 Phil

Security Folkways and Deliberate Security Culture

Management, Security

Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try to understand why the interactions and communication between the people who make the goals of the group happen take on…

Read More
August 20, 2020February 7, 2021 Phil

Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2

Analytics, Risk, Security

Previously I wrote about how I had implemented the simple quantitative analysis from Doug Hubbard’s book ‘How to measure anything in cybersecurity’ into javascript. When I wrote that code for Monte Carlo simulation I was working with percentage probabilities derived from expected rates of occurrence which I spoke about here.…

Read More
June 21, 2020June 21, 2020 Phil

Open Security Summit 2020

Other

This was a busy week but once again the Open Security Summit proved why it is one of my favourite events on the security calendar. There is now a huge list of content recorded at the the summit and during the training sessions available for free, I will be returning…

Read More

Posts navigation

Older posts

Recent Posts

  • Managing Identity Consciously
  • Why I don’t like PIGs in Security Risk
  • Security Folkways and Deliberate Security Culture
  • Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2
  • Open Security Summit 2020
  • What are we missing in risk?
  • Commercial & Government Cyber Conversation
  • Through the barricades..
  • Modern Security Risk Presentation
  • What are Information Assets?
  • Dressing up security with Bow-Ties
  • Asset Management Measurement for Cyber
  • Triage in Supply-Chain Cyber Risk Management
  • Security on the Bottom Line
  • What is Likelihood?
  • What is Information Security Risk?
  • Serious Business?
  • Invest in the CIO, before the CISO
  • Value of Security
  • Insider Risk Management

Tag Cloud

44con 27001 analytics architecture assurance big data board boardlevel ciso conference cyber cyber resilience cyber security cynefin data science engagement governance information security infosec leadership management measurement OODA pen testing principles protectivemonitoring regulation resilience resistance risk security security analytics security architecture zones trust securitymanagement security management security management cyber securitymonitoring security risk securitystrategy securitytest security testing strategy supply chain testing third-party

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.