Jon's Network

Here is a brief interview of @alexhutton on the VERIS Framework and standardizing incident reports.

[Read more →]

MetricsCenter Articles Stuff to read on security metrics.

[Read more →]

Jack Jones of RMI will be doing a preso for the Cisco InfoSec Leadership Forum. I would love to see this but I’ll be on vacation. Maybe I’ll catch the replay if they have one. You can sign up here: http://tinyurl.com/5wgh2s

[Read more →]

What exactly is an open-ended problem? It’s a problem with no obviously right answer. This uncertainty causes great discomfort for many that are accustomed to approaching problems as if there is a single right answer. This, however, is a sign of underdeveloped critical thinking ability. Jack posted a bit on the importance of critical thinking [...]

[Read more →]

Another nice bit of information about insurance markets from the Cyberinsurance article I blogged earlier: Fire insurance markets thus involve not only underwriters, agents, and clients, but also code writers, inspectors, and vendors of products and services for fire prevention and protection. Although government remains involved, well-functioning markets for fire insurance keep the responsibility for [...]

[Read more →]

Any such security regulation can only reduce the amount of wealth and comfort the economy produces because it is foisting one man’s values upon another – “for the public good”. At Bejtlich’s recommendation, I read with great interest Cyberinsurance in IT Security Management by Walter S. Baer and Andrew Parkinson. The bulk of the paper [...]

[Read more →]