risk management « Scott Crawford

Why I’m at IBM’s Information on Demand Conference This Week

posted by Scott Crawford | October 22, 2012 | 0 Comments

IBM-Information-on-Demand_jpeg

This week, I’m at a big vendor’s big conference – a conference which, on the surface, may not appear to be primarily about security: IBM’s Information on Demand event in Las Vegas. “But you’re a security analyst. Why are you going to IOD?” you ask. (And if you didn’t, let me explain:) With over 12,000...

Posted in Security Tags: BI, big data, Data-driven security, GRC, IBM, risk management

Blog Series: The Rise of Data-Driven Security

posted by Scott Crawford | May 4, 2011 | one Comments

data-explosion-iStock_000013253555XSmall

(Update: My research report on this topic is now in the EMA library. For further updates on the trend, check out my other posts on data-driven security before and since.) IT security has long been hamstrung by obstacles unknown to many other aspects of the enterprise. Businesses may be able to measure their performance through...

Posted in Security Tags: Data-driven security, risk management

The Rise of Data-Driven Security, Part 5: Synthesis Platforms

posted by Scott Crawford | April 1, 2011 | 0 Comments

data-explosion-iStock_000013253555XSmall

(Ed. note: After too long a hiatus, I wanted to round out this series that began here and continued here, here and here. This will certainly not be the end of my coverage of data-driven security, however. Keep an eye on this blog as the field continues to unfold.) In this series, I’ve described three...

Posted in Security Tags: BI, Data-driven security, intelligence, risk management, Security management, Trends

The Rise of Data-Driven Security, Part 4: The Case for the Fourth Paradigm

posted by Scott Crawford | January 27, 2011 | one Comments

fourthParadigm1

When I first cut my teeth in IT security some years ago, I was a systems administrator for a division of the University Corporation for Atmospheric Research, the parent of the National Center for Atmospheric Research here in Boulder. UCAR/NCAR is what Gordon Bell calls a “data place” – an organization whose mission in part...

Posted in Security Tags: BI, Data-driven security, intelligence, risk management

The Rise of Data-Driven Security, Part 3: Security Management and Strategy

posted by Scott Crawford | January 19, 2011 | one Comments

data-explosion-iStock_000013253555XSmall

In the first two installments in this series, I looked at the rise of Tactical security defenses that are becoming more directly reliant on dynamic data feeds Data sources and emerging data markets to serve both security tactics and security intelligence In this post, I’ll look at the third aspect of data-driven security emerging today, and...

Posted in Security Tags: Data-driven security, risk management, Security management

The Rise of Data-Driven Security, Part 2: Data Sources and Emerging Data Markets

posted by Scott Crawford | January 14, 2011 | 0 Comments

data-explosion-iStock_000013253555XSmall

In my last post, the first in this series, I talked about how recent vendor trends highlight the rise of data-driven tactics for defense. This is just one of three major aspects of data-driven security becoming more prominent in products and services. To recap, those three aspects are: Data-driven tactics which differ from legacy security...

Posted in Security Tags: Data-driven security, intelligence, New School, risk management, Security management

Security, Visibility, Privacy: Pick Any Two?

posted by Scott Crawford | November 22, 2010 | 0 Comments

Is it possible to have security and privacy? The question has been brought to a head recently, with the intense backlash to the US Transportation Security Administration’s more assertive passenger security checks – a reaction that seems likely to become only more heated with the coming of the busy holiday travel season. The issue for...

Posted in Security Tags: intelligence, Privacy, risk management, Security, visibility

Verizon Publishes its VERIS Community Application

posted by Scott Crawford | November 11, 2010 | 0 Comments

The Verizon RISK team have just published their VERIS community application. Structured on the VERIS (Verizon Enterprise Risk and Incident Sharing) framework, this application is a tool they have made available to extend to anyone the ability to contribute information on data breach incidents, to enrich the already considerable body of breach data Verizon has...

Posted in Security Tags: data breach, Information security, New School, risk management, Security, Verizon

A New Security Paradigm: HCIA

posted by Scott Crawford | November 10, 2010 | 0 Comments

HCIA

(Ed. Note: I’ve updated this post to incorporate some great feedback I’ve gotten on it already. I may well do so again to keep it fresh, as I expect to refer to this concept a lot…) In a recent post, I talked about the security value of IT management disciplines such as configuration and change...

Posted in Security Tags: CCM, Change management, HCIA, intelligence, IT risk, risk management, Security, Virtualization, visibility

Security: Going Beyond No, Part 2: Getting to Yes

posted by Scott Crawford | August 31, 2010 | 0 Comments

VisOps-l2

In my last post, I talked about getting beyond “the business of no” in security, to a more effective and thorough approach in which organizations define their objectives, actually implement them, maintain visibility into the environment for consistency with those objectives or activity that could indicate threats, and respond accordingly. This more mature approach is...

Posted in Security Tags: CCM, Change management, risk management, Security