I recently read a blog where the writer used the term “calculated risk.” Do you know how you calculate risk? Do you use a repeatable process to calculate risk? Have you evaluated your process to ensure you get feedback from various perspectives? If not, then your calculations of risk are likely myopic in a human… Continue reading Calculated Risk
I tend to operate in accordance with the four principles of Cigital's recent Agile Security Manifesto. (NOTE: I cannot state whether I've employed Cigital professionally, but I have had interaction with them in my career.) These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on… Continue reading Cigital's Agile Security Manifesto
Thoughts on Information Security and Risk Management in an Agile Culture: a narrated slide deck from a presentation given at the Chattanooga chapter of ISSA. In keeping with the Ides of March timing of the presentation, I chose to model my analogy to include references to Julius Caesar and Mark Antony.
Software solutions delivered to market cost money. Secure software solutions, or products and services with a critical dependency on secure software solutions, cost more money. Hospira is finding this out with its older medical pumps in the Symbiq line. Fiat Chrysler is finding out what fixing a problem in production costs. Their security oversight?… Continue reading Information Security Costs May Be Delayed But At What Price
Whether your business' core competencies involve products, services or legally binding promises, delivery is a measuring stick that's used to evaluate you. Do you deliver what customers want ahead of the industry? Do you deliver it better or cheaper? Do you deliver a different experience; are you a boutique for your industry? Regardless of… Continue reading Delivery IS Business