The Information Security Risk Assessment – Security for the Enterprise
by Tarot “Taz”Wake
As the saying goes, nothing can ever be 100% secure and we all know that in practice security is always a trade-off between competing forces such as user requirements, cost, government regulations and the like. Risk management provides the overarching framework for this trade-off and one of the most fundamental parts of the risk management process is the risk assessment. In this article I will cover how you can carry out a detailed Information Security Risk Assessment and deliver genuine value to the end business.
IT Risk Management and Risk Assessment
by Timothy Nolan and Serge Jorgensen
IT Risk Assessment is an important component of Enterprise Risk Management - detecting and dealing with new and emerging threats and vulnerabilities in a prudent, effective and responsible manner. Performing regular and systematic risk assessments is a crucial best practice and helps provide a secure environment and protect an organization's assets, networks, systems, vital business processes, and data.
Risky Business: IT security risk Management Demystified
by Michael D. Peters
As a career security practitioner and Chief Security Officer to several companies over the years, I was responsible for reduction or elimination threat exposures to its core business assets. Depending on the nature of that business and its size, this might be a daunting task at first blush, however, I have discovered that with an organized, systematic approach, you can approach risk management effectively.
IS Risk Assessment & Measurement
by Dan Ross
With the ever changing world of Information Security and the rapid increase of users accessing the Internet over the past decade IS Risk Assessment and Measurement has in more recent years become a much higher priority for businesses around the world to address.
Rısk Management Approach
by Ozan Ozkara
Why IT Security or general enterprise needs to understand risk management is? Risk Management is important fundamental element of security and can be seen as the dominantly force in every corner of organizations.
Security By Obscurity: Do Not Spurn In An Era Of Automated Hacking
by Sang Lee
Camouflage...if so successfully used by nature, why is obfuscation scorned in information security?
Take a look at Steganography, which can be called Data Camouflage.
It is one of most extreme cases of obfuscation that I have heard of in the digital realm.
The Right way of Risk Assessment
by Marcus J. Ranum
The concept of “vagueness” is important to philosophers, and (perhaps) is relevant to the real world of security. Briefly, the idea of vague concepts is that it’s often difficult to determine a sharp dividing line between two states – at what point, for example, do we say that a person has “gone bald”?
Information Systems Metrics and Measurement
by Berker Tasoluk
In order to “manage” our risks, and the efficiency of our controls, we have to depend on some quantitative criteria. Here comes the metrics. We have to monitor our processes and measure them using our metrics. There is a famous saying, you can not manage what you can not measure.
Remember the 4M: Management needs Monitoring , Measurement and Metrics.
Measuring the effectiveness of Information Security Risk Assessment
by Omoruyi Osagiede
The cure for the headache is not to cut off the head
This proverb encapsulates the basic principle surrounding information security risk assessment. The objective of IS risk assessment is to provide management with timely and meaningful information that will enhance their ability to make pragmatic decisions regarding the protection of information assets.
Measuring the imponderable: Auditing IT risks
by Stefano Maccaglia and Prof. Anna Scaringella
Many technologies, today, offer a “click one and catch all” solution. But in our experience such technologies are just a good start. Technologies rely on a wide set of cases already collected and analysed, but there is no technology that can “understand” your environment because it is unique and different from the others.
How to measure and to be aware of the Risk Assessment element as part of Risk Management in the field of cyber security
by Predrag Tasevski
Many organizations – both public and private – nowadays, have implemented and developed their own security risk assessment template tool. The main goal for the template is first to analyse work-flow, then to identify the assets, threat sources and vulnerabilities.
Biometrics: A web based face mask prediction system from only fingerprints
by Seref Sagiroglu, Uraz Yavanoglu and Necla Ozkaya
Most efforts in biometrics have recently been focused on how to improve the accuracy and processing time of the biometric systems, to design more intelligent systems, and to develop more effective and robust techniques and algorithms.