Saw this headline on the InfoSecurity News mailing list today: “Firms spend only up to 20% of their budget on IT security“ This is one of the more bizarre statements I’ve seen in a long time. It refers to one…
Highlights, Random, Threat Management
Top Ten Web Security Risks
by Pete Lindstrom •
Here is a list of the top ten Web security risks: Hidden Manipulation Cookie Poisoning Backdoor and Debug Options Buffer Overflow Stealth Commanding 3rd Party Misconfiguration Known Vulnerabilities Parameter Tampering Cross Site Scripting Forceful Browsing Looks like a pretty timely…
Economics and Risk, Highlights, Metrics, Random
Confirmation Bias at work?
by Pete Lindstrom •
Evan Schuman has an intriguing blog post on the McAfee blog about whether the reduced number of data breach reports at DataLossDB.com are indicative of fewer actual data breaches. His answer is unequivocally “No.” His reasoning is as follows: Media…
Highlights, Metrics, Random
Ramblings while reading Microsoft’s Security Intelligence Report
by Pete Lindstrom •
I just downloaded Microsoft’s Security Intelligence Report. Given my predisposition toward good stats, I am looking forward to reading it. Herewith is a running chronology of my thoughts as I read it: opening pages – 25 authors! even more contributors!…
Highlights, Metrics, Random
Lindstrom’s Razor is not about security spending
by Pete Lindstrom •
After a few conversations, and having seen (part of) Russell Cameron Thomas’ post on the topic, I am beginning to realize that people are making a common mistake about Lindstrom’s Razor, which states: The digital assets in question must be…
Highlights, Metrics, Random
What is “Lindstrom’s Razor”?
by Pete Lindstrom •
Yesterday, Andrew Jaquith from Forrester blogged about digital asset value, in response to Russell Cameron Thomas’ post on the same topic, which was in response to a Jeremiah Grossman tweet*. Andrew’s post mentioned a cost-based approach I use for valuation…