I posted this also to the securitymetrics.org mailing list. Sorry if discussing in multiple venues ticks you off. The Not Obvious blog has an interesting write up on the Heartland Breach and impact. From the blog post: “Heartland has had to pay other fines to Visa and MasterCard, but the total of $12.6 million they […]
Check out Richard Bejtlich’s Information Security Incident Rating post. In it, he establishes qualitative, color-based scales for various asset-states in relation to the aggregate threat community. As Richard states, he’s not modeling risk, but rather he’s somewhat modeling half of risk (in FAIR terms, an attempt at TEF/LEF/TCap information, just not the loss magnitude side). […]