Today’s article will continue on the subject of emerging risk, in combination with how to forecast the future. Intentionally, I did not say “predict the future”, as this is impossible. Forecasting, though, is something different that I, as a Risk Management fan, think is somewhat achievable. No, I have not invented the time machine and […]
Read More EMERGING RISKS & HOW TO FORECAST THE FUTURE
“The Crown Jewels are the ceremonial treasures which have been acquired by English kings and queens, mostly since 1660. The collection includes not only the regalia used at coronations, but also crowns acquired by various monarchs, church and banqueting plate, orders, insignia, robes, a unique collection of medals and Royal christening fonts.” www[.]royal[.]uk According to […]
Read More SAFEGUARDING THE CROWN JEWELS – INFORMATION CLASSIFICATION
Our past and history are perspectives that can help us to predict, forecast, and strategize around future events. But just because something happened in the past does not mean it will happen in the future. But the past can help us in learning about, for example, how to prepare and take on new things in […]
Read More WHAT ARE EMERGING RISKS?
Why did plague doctors wear those strange beaked masks? In the 17th century, people believed these outfits could purify poisonous air. They were wrong. “[…] physicians believed that the plague spread through poisoned air that could create an imbalance in a person’s humors, or bodily fluids. Sweet and pungent perfumes were thought to be able […]
Read More SECURITY HYGIENE DONE CORRECTLY
When a building is to be constructed, the strength of the components used for the construction is calculated before the actual, practical building phase takes place. The material used for, for example, the foundation, beams, floors, walls, etcetera of the building is not something that is thrown in without contemplation or calculation. The same […]
Read More THREAT MODELING MADE SIMPLE
“To know your enemy, you must become your enemy.” Sun Tzu, The Art of War. If you want to learn and get a deeper knowledge of how attacks are conducted from a more technical, adversarial perspective, I recommend you learn ethical hacking. There is definitely an added value for security […]
Read More WHO SHOULD LEARN ETHICAL HACKING?
Threats are those things that we cannot control. What I mean by this is that threats, when it comes to security, are mainly driven (when there is a human behind the actions) by motivation and skills/capabilities. To give an analogy on threats from traffic: when you drive a car there are different kinds […]
Read More WHAT IS THREAT MODELING?
“CISM, CISA, CRISC. Which one, of these three, is the best ISACA certification?“ I have been asked this one a couple of times since I worked my way through these certifications. And I have also been asked: I would rather switch the question around a bit and look at the subject from a couple of […]
Read More CISM, CISA & CRISC – WHICH CERTIFICATION TO TAKE?
In this article, the focus will be on the Monitoring & Reporting phase in the Risk Assessment process. I will go through the phase, Monitoring & Reporting, and the elements within it. If you are new to Risk Management, I recommend you read the article What is Risk Management. If you are interested in the […]
Read More THE RISK MONITORING & REPORTING PHASE EXPLAINED
I know there are different definitions and descriptions out there of what compliance is. This article is not about cutting words or saying my definition is right or others are wrong. The goal of this article is to address the subject, Compliance, from a cloud security governance perspective. Why it is a thing and how […]
Read More CLOUD SECURITY GOVERNANCE – REGULATIONS, COMPLIANCE & SECURITY