Comments for Risktical Ramblings

Comment on Risk Vernacular by Collective Results « Behavioral Security

Collective Results « Behavioral Security — Fri, 04 Jun 2010 19:07:42 +0000

[...] a nod to Chris Hayes and his risk vernacular (that may be a great starting point). I’d like to create a reference for terminologies and [...]

Comment on Impromtu IT Risk Assessment Poll by It’s Your Methods, Not Your Madness — Security Bloggers Network

It’s Your Methods, Not Your Madness — Security Bloggers Network — Tue, 01 Jun 2010 21:01:26 +0000

[...] methods, and they're not necessarily all the same or equal. Check out Chris Hayes' quick poll "Impromtu IT Risk Assessment Poll" for a quick list of a couple approaches. Also note the results and just how many people have no [...]

Comment on Heat Map Love by More Heat Map Love « Risktical Ramblings

More Heat Map Love « Risktical Ramblings — Tue, 11 May 2010 13:50:01 +0000

[...] Heat Map Love In my previous post “Heat Map Love” I attempted to illustrate the relationship between plots on a heat map and a loss distribution. [...]

Comment on Rainbow Risk by Heat Map Love « Risktical Ramblings

Heat Map Love « Risktical Ramblings — Thu, 06 May 2010 16:19:31 +0000

[...] in my “Rainbow Risk” post I shared an example of a “rainbow chart”; a 100% stacked bar chart representing the [...]

Comment on Risk and CVSS (Post 1) by HyunChul

HyunChul — Fri, 19 Feb 2010 10:26:51 +0000

By the way, a vulnerability in CVSS is defined as a software defect which can be exploited by malicious users so that it can potentially cause negative impact.

Comment on Risk and CVSS (Post 1) by HyunChul

HyunChul — Fri, 19 Feb 2010 10:24:02 +0000

The main goal of CVSS is to standardize software related vulnerabilities mainly , so that we can make it sure that when we say vulnerability A, it is not the same one with vulnerability B among the people.
Also, it can prioritize severity of vulnerabilities. It can help for the administrators which one should be first to be cure. Of course, as you said, it should not be panacea, but still it provides a tremendous services, especially for quantitative software risk analyzes.

Comment on Working With External Data (Part 1 of X) by Working With External Data (Part 2 of X) « Risktical Ramblings

Working With External Data (Part 2 of X) « Risktical Ramblings — Tue, 02 Feb 2010 17:26:27 +0000

[...] to working with external data for analysis or modeling purposes. You can read the first post HERE or read the “cliff notes” summary [...]

Comment on What’s In Your Wallet? by Patrick Florer

Patrick Florer — Mon, 28 Dec 2009 22:01:47 +0000

Very nice blog, Chris!

Patrick

Comment on Risk Vernacular by David Vose

David Vose — Wed, 09 Dec 2009 14:32:45 +0000

Hi Chris

I see you read my book. I’m curious to know what you thought of it.

Best wishes

David

Comment on Working With External Data (Part 1 of X) by Interesting Information Security Bits for 11/23/2009 | Infosec Ramblings

Interesting Information Security Bits for 11/23/2009 | Infosec Ramblings — Mon, 23 Nov 2009 23:03:41 +0000

[...] scoped desire to build a “loss model.” This series looks to be very interesting. Working With External Data (Part 1 of X) << Risktical Ramblings Tags: ( general [...]