Quantitative Risk Management with FAIR — Stage 1 — Ransomware scenario

In order to perform the risk analysis, we’ll need to work with some assumptions, so it’s key that those are clear and documented so that they can be improved and challenged by those involved, which usually means risk analysts, engineers and business owners. So for this example, […]

Quantitative Risk Management with FAIR — Sharing the journey

Though I’ve known about FAIR (Factor Analysis of Information Risk) for many years and studied it for a number of different security certifications I’ve taken over the years, I never had the experience of using it on a day-to-day basis, as I always worked for organisations that had […]

Using MapScript for Wardley Mapping

Yesterday, I had the pleasure of discussing with Adam B. his development of MapScript to programmatically create Wardley Maps. So, in good Wardley mapping fashion, I used MapScript to map MapScript 🙂 Right now, the tool is a bit basic and clunky (if we’re being honest) but […]

Reasonable Assurance against predictable Threats

I’m privileged to have been part of the security “scene” since the late 90s and the security industry since the early 2000s, when I was still a teenager. Due to this long exposure, and having had multiple types of roles including operations, engineering, penetration testing, marketing and product management, and governance, risk […]