Jon's Network

Network Security News, Analysis and Ephemera

Jon's Network - Murrieta, CA

Risk Management

  • VERIS: Sharing and standardizing risk and incident reports
  • MetricsCenter Articles
  • FAIR Risk Webinar for Cisco
  • What exactly is an open-ended problem?
  • AIG Perfect Example of Private Insurance
  • Don’t Regulate Cyberinsurance Markets
  • Latest entries to this category....

    VERIS: Sharing and standardizing risk and incident reports

    February 25th, 2011 · No Comments

    Here is a brief interview of @alexhutton on the VERIS Framework and standardizing incident reports.

    [Read more →]

    Tags: Risk Management

    MetricsCenter Articles

    August 27th, 2008 · No Comments

    MetricsCenter Articles Stuff to read on security metrics.

    [Read more →]

    Tags: Risk · Risk Management

    FAIR Risk Webinar for Cisco

    June 3rd, 2008 · No Comments

    Jack Jones of RMI will be doing a preso for the Cisco InfoSec Leadership Forum. I would love to see this but I’ll be on vacation. Maybe I’ll catch the replay if they have one. You can sign up here: http://tinyurl.com/5wgh2s

    [Read more →]

    Tags: Risk Management

    What exactly is an open-ended problem?

    April 21st, 2008 · 1 Comment

    What exactly is an open-ended problem? It’s a problem with no obviously right answer. This uncertainty causes great discomfort for many that are accustomed to approaching problems as if there is a single right answer. This, however, is a sign of underdeveloped critical thinking ability. Jack posted a bit on the importance of critical thinking [...]

    [Read more →]

    Tags: Critical Thinking · Models · Risk Management

    AIG Perfect Example of Private Insurance

    October 3rd, 2007 · 1 Comment

    Another nice bit of information about insurance markets from the Cyberinsurance article I blogged earlier: Fire insurance markets thus involve not only underwriters, agents, and clients, but also code writers, inspectors, and vendors of products and services for fire prevention and protection. Although government remains involved, well-functioning markets for fire insurance keep the responsibility for [...]

    [Read more →]

    Tags: insurance · Risk · Risk Management

    Don’t Regulate Cyberinsurance Markets

    October 3rd, 2007 · 3 Comments

    Any such security regulation can only reduce the amount of wealth and comfort the economy produces because it is foisting one man’s values upon another – “for the public good”. At Bejtlich’s recommendation, I read with great interest Cyberinsurance in IT Security Management by Walter S. Baer and Andrew Parkinson. The bulk of the paper [...]

    [Read more →]

    Tags: Economics · Free Markets · insurance · Risk · Risk Management · Security