IT Risk

ANSI approach to the financial impact of cyber risk

A short overview of a recent question-driven dialogue approach to cyber risks as proposed by ANSI.

From: lukeo

  • 694
  • 0
  • 02 / 04 / 2009

Canadian Government 1999 Threat and Risk Assessment Guide

A detailed description of an IT threat and risk methodology

From: lukeo

  • 3,721
  • 15
  • 02 / 22 / 2009

How much is enough? A Risk Management Approach to Computer Security

The wonderful thesis of Kevin Soo Hoo tracing the history of risk assessment in computer security, and presenting a modern way forward (100 pages, June 2000)

From: lukeo

  • 4,628
  • 8
  • 02 / 22 / 2009

Risk Analysis of Power Station survival of Cyber Attack, University of Idaho,...

In this paper we present a new cyber security assessment approach, which merges Survivability System Analysis (SSA) with Probability Risk Assessment (PRA). The method adds quantitative in...

From: lukeo

  • 2,503
  • 1
  • 02 / 22 / 2009

How to estimate the cost of IT downtime

A 2002 presentation from Professor David Patterson, UC Berkeley, describing a simple formula for costing system downtime, with excellent remarks on this issue in general.

From: lukeo

  • 1,435
  • 13
  • 08 / 20 / 2009

US Border Digital Search Directive, Aug 2009

This is a recent directive issued by the US DHS defining the scope and processes of searching electronic media at a US port of entry.

From: lukeo

  • 627
  • 2
  • 08 / 31 / 2009

Threat Modeling for Pharming

Nice document by Cheong Kai Wee on using threat models to understand pharming - the natural evolution of phishing.

From: lukeo

  • 763
  • 6
  • 09 / 09 / 2009

Digital States At Risk - Modernizing Legacy Systems

In 2008, NASCIO (National Association of State Chief Information Officers of American states) asked state CIOs to participate in a Web-based survey regarding the status of “legacy systems...

From: lukeo

  • 450
  • 1
  • 11 / 02 / 2009

GAO report on bandwidth risks for the financial sector from a Pandemic

Increased demand during a severe pandemic could exceed the capacities of Internet providers’ access networks for residential users and interfere with teleworkers in the securities market ...

From: lukeo

  • 326
  • 0
  • 11 / 05 / 2009

Defining and Implementing Metrics for Project Risk Reduction

Great whitepaper from Tom Kendrick of HP on measuring and managing project risks.

From: lukeo

  • 2,947
  • 10
  • 02 / 23 / 2010

Risk Management Terms

2007 study by researchers at the University of Wisconsin.

From: lukeo

  • 2,053
  • 25
  • 02 / 23 / 2010

Metrics That Matter

A presentation from Simone Seth on security metrics, given at the ISSA New York Metro Chapter, March 2010.

From: lukeo

  • 1,069
  • 33
  • 04 / 15 / 2010

Cloud Computing for Criminals

Comparing the size of the Conficker Botnet to other standard cloud offerings, by Rodney Joffe, March 2010.

From: lukeo

  • 621
  • 14
  • 05 / 01 / 2010

The Ultimate Cost of Cloud Computing

Lew Tucker, former CTO of SUN, argues that the reductions in cost for cloud computing will bottom out at the cost of power consumption.

From: lukeo

  • 553
  • 22
  • 05 / 01 / 2010

Reasoning About IT Risks

I have been meaning for some time to upload this wonderful paper from late 2007 on the top information security risks for the then coming year. The paper was a collaborative work from sev...

From: lukeo

  • 314
  • 8
  • 08 / 30 / 2010