Security Basics mailing list archives
RE: Risk Assesment Tools
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Mon, 9 Jul 2012 10:16:19 -0400
Hello List, I once wrote that risk assessment/estimate based on quantitative method is statistically incorrect. No vendor can claim having reliable statistics for following modeling. The problem is in infinite (and mostly unknown) security events and infinite number of exposures. Try first answering how many malware species we have. If you can get such number then move to identify how each of them will affect each computer on this planet. And that is only a part of the proble. Next is to identify a monetary value of each security event on each computer. So, do not trust automation tools when a vendor promises "value". Qualitative method will work, because it is based on an expert's estimate and may involve personally collected statistics (yet of course unreliable), which gives a "value" but it is based only on personal understanding of risks and exposures. Regards Mikhail Utin, CISSP, PhD -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ricardo Raga Sent: Wednesday, July 04, 2012 8:00 AM To: 'Anwar Khan'; security-basics () securityfocus com; pen-test () securityfocus com Subject: RES: Risk Assesment Tools www.smart-ra.com Ricardo Raga Segurança da informação - TI Fast Solutions Rua Heitor Peixoto, 681 - Cambuci CEP:01543-001 - Sâo Paulo - SP www.fastsolutions.com.br CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please reply to the sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, please visit our Internet web site at http://www.commonwealthcare.org. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Risk Assesment Tools Anwar Khan (Jul 04)
- RES: Risk Assesment Tools Ricardo Raga (Jul 04)
- RE: Risk Assesment Tools Mikhail A. Utin (Jul 09)
- <Possible follow-ups>
- RE: Risk Assesment Tools Jerome Athias (Jul 10)
- RES: Risk Assesment Tools Ricardo Raga (Jul 04)