Category: Infosec

May 13th, 2017 by John

Microsoft released patches for legacy systems affected by WannaCrypt attacks.

Customer Guidance for WannaCrypt attacks

Posted in Exploits & Attacks, Infosec

May 10th, 2017 by John

The author and RAND researchers recently wrote a paper detailing their findings on how cyber insurers understand and price risk.

Gaining insight into how cyber insurers understand and price risk

Posted in Infosec, Risk Management

April 26th, 2017 by John

Major General Brett I. Williams discusses the distinction between cyberwarfare and information warfare. The distinction can be important!

Posted in Blog, Infosec, Nation State

April 25th, 2017 by John

Solomon Smith and I presented at the Spring ISACA meeting in Iowa City, IA today on cyber education. 

http://alignedsecurity.com/index.php/2017/04/25/illowa-isaca-cyber-education-presentation/

Posted in Blog, Community, Events, Infosec

April 20th, 2017 by John

Home | The Security Cards: A Security Threat Brainstorming Kit

The University of Washington has developed a set of 42 playing cards for modeling security and privacy threats. The cards encourage you to brainstorm about potential threats along 4 dimensions:

  • HUMAN IMPACT
  • ADVERSARY’S MOTIVATIONS
  • ADVERSARY’S RESOURCES
  • ADVERSARY’S METHODS

You may print the cards yourself or request them from the university.

Posted in Cool-Stuff, Exploits & Attacks, Infosec

April 19th, 2017 by John

This article has some very good insights regarding what board members say they want and what they are getting from CISOs. They still tend to be skeptical of risk presented as loss predictions in dollars. Storytelling still has an important role to play.

Posted in Infosec, Risk Management