Previously I wrote about how I had implemented the simple quantitative analysis from Doug Hubbard’s book ‘How to measure anything in cybersecurity’ into javascript. When I wrote that code for Monte Carlo simulation I was working with percentage probabilities derived from expected rates of occurrence which I spoke about here.…
Tag: risk
Open Security Summit 2020
This was a busy week but once again the Open Security Summit proved why it is one of my favourite events on the security calendar. There is now a huge list of content recorded at the the summit and during the training sessions available for free, I will be returning…
What are we missing in risk?
I’ve recently been talking with some executives who bemoan the risk management in their organisations. They don’t trust the risks as they are presented and worry about putting their finite resources of money and time in the wrong places because of it. They worry that as soon as the analysts…
Through the barricades..
I was speaking with a peer recently about the value of bow-tie diagrams and how they allow you to separate controls from mitigations and it became obvious I was using these terms in a way that needed to be explained. Barrier model risk methods developed in the safety and reliability…
Modern Security Risk Presentation
I was recently asked to present in a remote session at the ISC2 Thames Valley Chapter on Modern Security Risk. I’ve not presented remotely like this before but while it was unusual not having the audience visible to see their reactions it seemed to go very well. There were a…