Author: alex

Actually It *IS* Too Early For Fukushima Hindsight

OR – RISK ANALYSIS POST-INCIDENT, HOW TO DO IT RIGHT Rob Graham called me out on something I retweeted here (seriously, who calls someone out on a retweet? Who does that?): http://erratasec.blogspot.com/2011/03/fukushima-too-soon-for-hindsight.html And that’s cool, I’m a big boy, I can take it. And Twitter doesn’t really give you a means to explain why you…

SIRA Meeting! THURSDAY

THURSDAY, THURSDAY, THURSDAY!!!!!!! Hi everyone! SIRA’s March monthly webinar is this Thursday, March 10th from 12-1 PM EST. We are excited to have Mr. Nicholas Percoco, Head of SpiderLabs at Trustwave, talk to us about the 2011 Trustwave Global Security Report. Block off your calendars now! Hello, Alexander Hutton invites you to attend this…

Just Because YOU Think Your Clients Are Too Busy and/or Stupid Doesn't Mean Everyone Else Is

Mike Rothman’s “Firestarter” on “Risk Metrics are Crap”. It’s very difficult to argue with a poorly constructed argument. Especially when I have no idea what a “risk metric” is. But best as I can tell, Mike’s position is that unless you are smart and/or have strong resources allocated to your InfoSec team, things like metrics,…

Gunnar's Flat Tax: An Alternative to Prescriptive Compliance?

Hey everybody! I was just reading Gunnar Peterson’s fun little back-of-the-napkin security spending exercise, in which he references his post on a security budget “flat tax” (Three Steps To A Rational Security Budget). This got me to thinking a bit – What if, instead of in the world of compliance where we…

CRISC – The Bottom Line (oh yeah, Happy New Year!)

No doubt my “Why I Don’t Like CRISC” blog post has created a ton of traffic and comments. Unfortunately, I’m not a very good writer because the majority of readers miss the point. Let me try again more succinctly: Just because you can codify a standard or practice doesn’t mean that this practice is sane.…