4 months, 16 days ago

Introducing The Open Group Open FAIR™ Risk Analysis Tool

Since late in 2016, The Open Group Security Forum have been collaborating with San Jose State University and Probability Management to develop a Risk Analysis tool that adheres to The Open Group Open FAIR™ Standard.

With a view to creating a tool that helps accelerate the adoption of the Open FAIR standard, the tool provides both experienced and novice risk practitioners with a practical and pragmatic tool to help analyse perceived risk in a consistent and simple to use way, whatever industry they work in. It is now ready and we are pleased to make it available to use and evaluate for free.

6 months, 7 days ago

Zero Trust on a Beer Budget

I have a good friend that has a small business (roughly 100 employees and 2 office locations, everything lives in the cloud, no real “network” to speak of) that is doing well.  A few weeks ago, over barbeque and range time (some folks play golf, we sho…

8 months, 9 days ago

New Security Architecture Practitioner’s Initiative

Organization leaders know they need cybersecurity, but 2017 has driven that point home with special force. Intelligence Agencies have shown that even the most secure targets are vulnerable, and the rapid proliferation of ransomware has demonstrated that damage can be crippling and come without warning.

The Security Architecture Practitioner’s Initiative is a joint effort of The Open Group Security Forum (a global thought leader in Enterprise Architecture) and The SABSA Institute (a global thought leader in Security Architecture) to articulate in a clear, approachable way the characteristics of a highly-qualified Security Architect.

9 months, 5 days ago

TIP of the Iceberg: Research Announcement on Threat Intel Platforms

A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been arou…

10 months, 9 days ago

CSI: Your Network – Reconstructing the Breach

September 2017 was a busy month. Three major breach notifications in Deloitte, the SEC, and Equifax… and my first Wave dropped, coincidentally on Digital Forensics & Incident Response Service Providers. Following all this commotion, I had a client reach out and ask me how… How are investigators able to reconstruct digital crime scenes to identify […]

10 months, 25 days ago

Forrester Gathers Experts Across Disciplines To Tackle Europe’s Most Pressing Privacy, Security, and Trust Challenges

Fresh off a successful event in Washington, DC last week, we’re gearing up for Forrester’s Privacy & Security Forum Europe in London on 5-6 October. Forrester is gathering experts in cybersecurity, privacy, customer experience, regulatory compliance, identity management, personalization, blockchain, and a range of related topics.  Together, Forrester analysts and leaders from firms like ABN […]

11 months, 6 days ago

Equifax Does More Than Credit Scores

Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected? Second, What about our spouse and other immediate family members? Third, Better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]

11 months, 24 days ago

Customer Trust And Loyalty Determine Success On The Dark Web, Too

  This is a guest post by Salvatore Schiano a researcher serving Security & Risk Management professionals The dark web is an underground marketplace for drugs, stolen credentials, stolen financial and medical records, and other illicit products and services.  Cybercriminals use it to monetize breached data but they also use it to buy and sell exploits […]

11 months, 27 days ago

You Deserve What You Tolerate…

After reading through some other blogs and strategy papers over the weekend, (Don’t judge me. To some of us, this activity constitutes a good time…Yes, lame…I know.) I saw what appeared to be an underlying theme across the narratives I’d read: Security tolerates failure. It’s understandable that it happens, but I think, if we are […]

1 year, 21 days ago

Black Hat Buzzword Bingo 2017

Every year at Black Hat, the buzzword factory is in full swing.  Last year the word of the day was Artificial Intelligence or Machine Learning (or in the off chance you met with someone who knew what they were talking about they would call it “AI or ML”).  The year before that, the word of […]