Skip to content
  • About
  • Resilience
  • Analytics
  • Architecture
  • Testing
  • Management
  • Risk
  • Other
A black swan

Black Swan Security

A blog about cybersecurity.

Category: Security

February 21, 2021February 21, 2021 Phil

Managing Identity Consciously

Architecture, Management, Security

I had cause recently to participate in a workshop considering identity across an enterprise and I wanted to share some of my thinking which was unexpectedly useful. Identity is a slippery thing, it has real world hooks but in the digital world it can be many-faceted and complex. Both real…

Read More
January 30, 2021January 30, 2021 Phil

Why I don’t like PIGs in Security Risk

Management, Risk, Security

Probability times Impact Graphs (PIGs), sometimes called a risk matrix, are endemic in security risk assessment and management. They were adopted decades ago and embedded within standards and practices. They’re still there and extensively used across the discipline despite the academic work since they were introduced which has shown that…

Read More
August 31, 2020August 31, 2020 Phil

Security Folkways and Deliberate Security Culture

Management, Security

Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try to understand why the interactions and communication between the people who make the goals of the group happen take on…

Read More
August 20, 2020February 7, 2021 Phil

Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2

Analytics, Risk, Security

Previously I wrote about how I had implemented the simple quantitative analysis from Doug Hubbard’s book ‘How to measure anything in cybersecurity’ into javascript. When I wrote that code for Monte Carlo simulation I was working with percentage probabilities derived from expected rates of occurrence which I spoke about here.…

Read More
May 27, 2020May 27, 2020 Phil

Commercial & Government Cyber Conversation

Security

In these remote-first times I recently took part in a zoom conversation led by Henry Harrison at Garrison on the growing similarities between commercial and government cyber security. I was joined by Russell Kempley, James Chappell and Bernard Parsons MBE. We ranged from the constraints of high-threat club government security…

Read More

Posts navigation

Older posts

Recent Posts

  • Managing Identity Consciously
  • Why I don’t like PIGs in Security Risk
  • Security Folkways and Deliberate Security Culture
  • Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2
  • Open Security Summit 2020
  • What are we missing in risk?
  • Commercial & Government Cyber Conversation
  • Through the barricades..
  • Modern Security Risk Presentation
  • What are Information Assets?
  • Dressing up security with Bow-Ties
  • Asset Management Measurement for Cyber
  • Triage in Supply-Chain Cyber Risk Management
  • Security on the Bottom Line
  • What is Likelihood?
  • What is Information Security Risk?
  • Serious Business?
  • Invest in the CIO, before the CISO
  • Value of Security
  • Insider Risk Management

Tag Cloud

44con 27001 analytics architecture assurance big data board boardlevel ciso conference cyber cyber resilience cyber security cynefin data science engagement governance information security infosec leadership management measurement OODA pen testing principles protectivemonitoring regulation resilience resistance risk security security analytics security architecture zones trust securitymanagement security management security management cyber securitymonitoring security risk securitystrategy securitytest security testing strategy supply chain testing third-party

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.