Risk Management And Security Metrics


What do we have in risk management in the IT and security world today? A bit of a mess. Risk management has been a nebulous, pathless utopia that has stayed just out of our reach because we are randomly wandering around in pseudoscience and nonsensical numbering systems. Read this series of articles to find out what we should be doing today.


Risk Management Strategies

Shon explains what risk is, clarifies the differences between risk and vulnerability management, and provides a 10,000-foot view of the risk management process. The explanation covers how to use threat modeling to define an organization's acceptable level of risk, the contents of a risk management policy (with a sample policy template), and the roles and responsibilities of an information risk management team. Learn how to define the scope of the IRM team's responsibilities, the difference between qualitative and quantitative risk analysis, and the tools used to carry out risk analysis. There are step-by-step instructions on conducting a risk analysis, along with the four ways to deal with identified risk: transfer it, avoid it, reduce it or accept it.


Basic Footprinting

Footprinting an organization prior to launching an attack against its resources is essential for an attacker, as it enhances the probability of a successful attack. For example, if a burglar plans to break into a house, he will first gather as much information as possible to find out the ways that can be used to break into it. Similarly, when a malicious attacker plans to target an online resource, he first gathers all the possible information to create a complete profile of the target's security posture.


IT Security Auditors Roles

We have moved into a fascinating time where technology has been injected into almost every part of our lives. We are currently going through a metamorphosis that none of us can truly grasp, because we are right in the middle of it. It is very difficult for a society to know that it is going through great changes because it is hard to view something objectively when you are right in the middle of it.


E-mail Threats

E-mail spoofing is a technique used by malicious users to forge an e-mail to make it appear to be from a legitimate source. Usually, such e-mails appear to be from known and trusted e-mail addresses when they are actually generated from a malicious source. This technique is widely used by attackers these days for spamming and phishing purposes.


Basic Security Development Issues

Developers are not always aware of the ever-increasing security issues that can affect their code. This lack of awareness, combined with tight development timelines, generally results in applications that are prone to a wide assortment of attacks.


Programming Languages

From the era of punched card instructions to heuristic encoding, programming languages have rapidly evolved in their design, approach and dogma. Though the first three generations of programming languages can be classified along distinctly defined lines, from there on the classification becomes slightly obscure and somewhat arguable.

For more information about Risk Management and Security Metrics, visit our site: http://www.logicalsecurity.com/resources/resources_articles.html


About the Author:
Shon Harris is an author of Logicalsecurity.com. For more information about Risk Management Strategies, visit our site.



Article Originally Published On: http://www.articlesnatch.com
