  • Spanning-Tree Analysis

    Maps all possible threats to an information system according to general risk categories.

  • SOMAP

    Security Officers Management and Analysis Project. A Swiss non-profit organization.

  • Value at Risk (VAR)

    The Value at Risk (VAR) framework has four stages: identify threats, estimate likelihood, estimate VAR, and mitigate risk.

  • P.U.S.H.

    The four phases of PUSH are: Preparation (defining the audience and purpose of the risk assessment); Universe definition (identifying and characterizing the most critical assets, risks and controls); Scoring (choosing consistent scales to rate the importance of assets, the impact of risks and the effectiveness of controls); Hitting the mark (ensuring the risk assessment fulfils the purpose set out in the…

  • Risk Assessment Methodologies

    OCTAVE has a self-directed, interdisciplinary team perform the risk analysis, focusing on operational risk and security practices. FRAP is a qualitative risk analysis approach that uses pre-screening to identify critical risk areas. NIST is a qualitative risk assessment methodology established with healthcare in mind. “Failure modes and effect analysis” assesses risk by examining the effects of…

  • Methodological Frameworks

    ISO 27000 is a series of standards for managing information security. ITIL comprises a series of books aiming to improve IT service management and IT processes. COSO is a framework for financial reporting and disclosure. COBIT is a four-domain model for IT governance with 214 control objectives.

  • Baselines, Procedures, Guidelines & Policies

    Baselines define a minimum technical standard that should be maintained across the organization. Procedures are step-by-step instructions on how to comply with security requirements. Guidelines give discretionary guidance on how best to comply with security requirements. Policies define security requirements broadly.

  • email ain't work.

    email is one of my favorite topics when it comes to modern ways of working. There were a few articles on this blog concerning email being abolished by major organizations in favour of social media (which won’t solve the underlying problem…). Communication is essential to most jobs, but so is productivity. Claire Diaz Ortiz…

  • Lessons Learned – Flight Projects Directorate Code 400

    Space and lunar missions are famous for outstanding project management, and so NASA also has some fine documents on the subject. The 128 lessons learned written down by Jerry Madden, Retired Associate Director (400), are especially pleasant to read. Regarding meetings he has a whole series of pieces of advice. One in particular has my very special…

  • Irons infect PCs with malware via WLAN

    (Chinese) irons infect (Russian) PCs with malware via WLAN