How to assess risk – Part I: Asking the right questions

It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it […]

The problem of security information sharing

In a previous post, Sharing security information, I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc. The […]

People should be very frightened of the FSA

Fear is a good deterrent for individuals – but will it work for large corporations? I don’t know, but for sure the UK FSA believes in fear. Financial Services Authority (FSA) chief executive Hector Sants pledged in a confrontational speech last week that the UK regulator would be far more “intrusive and direct” in its […]