Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try to understand why the interactions and communication between the people who make the goals of the group happen take on…
Category: Security
Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2
Previously I wrote about how I had implemented the simple quantitative analysis from Doug Hubbard’s book ‘How to measure anything in cybersecurity’ into javascript. When I wrote that code for Monte Carlo simulation I was working with percentage probabilities derived from expected rates of occurrence which I spoke about here.…
Commercial & Government Cyber Conversation
In these remote-first times I recently took part in a zoom conversation led by Henry Harrison at Garrison on the growing similarities between commercial and government cyber security. I was joined by Russell Kempley, James Chappell and Bernard Parsons MBE. We ranged from the constraints of high-threat club government security…
Modern Security Risk Presentation
I was recently asked to present in a remote session at the ISC2 Thames Valley Chapter on Modern Security Risk. I’ve not presented remotely like this before but while it was unusual not having the audience visible to see their reactions it seemed to go very well. There were a…
What are Information Assets?
Many methods for analysing Information Security Risks use the term assets, information assets or business assets interchangeably. This is a common foundation of Information Security risk analysis often providing a guide to the business impact of a risk being realised in particular systems that hold or access these assets. The…