Information Security Costs May Be Delayed But At What Price

Software solutions delivered to market cost money. Secure software solutions, or products and services with a critical dependency on secure software solutions, cost more money. Hospira is finding this out with its older medical pumps in the Symbiq line. Fiat Chrysler is finding out what fixing a problem in production costs. Their security oversight?…

Legacy Risk Corollary

Risk management encompasses risks to privacy, network, process, brand, etc. I’m interested in a juncture of two threat vectors in this post. Legacy, in this context, refers to things that have been in place for a long time. Often they are heavily depended upon, so that they cannot easily be replaced without significant cost and concurrent risk.…

What Are Controls (Safeguards)?

Controls are logical mechanisms applied in an effort to reduce risk. This may feel vague, because the term is primarily an abstract, logical entity that has specific implementations, and humans prefer more concrete, implementable things. Architecturally these entities sit at the logical layer but have concrete instances that are implemented by contextualizing the qualities of…

Risk is the likelihood that a threat agent (TA) will successfully exploit a vulnerability and introduce loss to a system.

APT – Advanced, Persistent Threat

Given enough adoption of secure policies and frameworks, and a threat agent with adequate resources, access and motivation, any control/countermeasure/safeguard can be overcome. This means that a sufficiently motivated and backed threat agent (née “hacker”) can defeat any one (and in multiple cases, any) security control put in place. Key takeaway: If you want…