Collaborate Disseminate
There is a strategic question that we are banging our heads against in my IT department, which essentially boils down to this:
There is a type of attack against our systems that can cause a lot of damage if missed or not a… Continue reading How to deal with low-probability high-impact risks?
The outdated DREAD risk model (wikipedia) lists Discoverability as a criteria for judging the severity of a vulnerability. The idea being that something which is not publicly known and you would be unlikely to discover withou… Continue reading Is "Discoverability = low" an acceptable reason to reduce the risk of a vulnerability?
The problems I see with the typical risk assessment are as follows:
Maintaining the list of assets updated
Maintaining the status of the treatments updated and the risk level
coherent with that.
Maintaining the dependency o… Continue reading How can I do a maintainable and significant risk assessment in an organisation with thousands of assets?
Seems a new malware infection has been detected called ‘Operation Prowli Malware’ and around 40,000 machines are infected.
Still no CVE data updated on CVE site regarding the relevant vulnerability.
Anyone knows the impact… Continue reading Operation Prowli Malware Infects Over 40,000 Machines
The company I work for (kind of a startup) can’t afford a full-time chief information security officer (CISO). So the boss is asking the security aware people in the team to work together to do a CISOs job. And I don’t think … Continue reading What is as CISOs job, exactly?
Does anyone know of any good Risk Registers to start logging security risk that are found on the fly?
The problem that I am having is that we find so much in a day, things start to get lost in emails and we tend to forget the risks that … Continue reading Security Risk Register
We’ve recently started using O365/SPO/OneDrive for business as a sharing platform over a previous niche provider platform. I’ve noticed that each time a user shares content externally, the external user gets an account in our… Continue reading What risks are associated with SPO/Onedrive/O365 external user accounts in active directory?
I’ve found either one, or more than one, bug, in ACL evaluation, when running Samba on FreeBSD. I can’t be sure if these are facets of the same bug or related bugs – they’re very similar but do have distinct features and expo… Continue reading To workaround a FreeBSD ACL bug I need to grant "read attributes/ACLs" to untrusted Samba users. Not happy about security – can practical harm result?
I’m trying to be more careful about my personal data, that I plan to back up using some secure online storage service.
I’m looking at several encrypted services that are a much better alternative than Google Drive.
The post Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment appeared first on Delta Risk.
The post Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment appeared first on Security Boulevard.
Continue reading Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment