Category Archives: Projects

[Podcast] Infosec, the World & YOU – Episode 1

Posted on by
Reply

Victoria Loewengart (@gisobiz) from AKOTA Technologies and myself (@lbhuston) decided we would start a podcast series to discuss correlation between real world actions and cyber-activity of an illicit nature (“attacks”). This is the first episode which discusses why we think this is a worthy topic for exploration, how it might lead to predictive information security posture improvement and how we got here. 

This episode also covers a real time event that occurred while we were recording that may (or may not) relate to attacks experienced in the time between recording sessions. 

We hope to keep working on it, but this is a first rough attempt, so don’t expect CNN podcast polish. This is a chance for you to stay in touch with a new movement that represents a clear line of evolution for the information security problems of today. 

Stay tuned. We hope to record more episodes as the project progresses.

You can download episode 1 as an MP3 by clicking here.

SDIM Project Update

Posted on by
Reply

Just a quick update on the Stolen Data Impact Model project for today. Basically, we have reached a point where have created an idea that the impact of stolen data should be a curve. We have decided to implement that curve across two axis measured in the following:

Risk to the organization – 0 – 10, obviously subjective.

Those values will be plotted across four time segments: Immediate, Short Term, Intermediate Term and Long Term. Some folks are still discussing if we need a Residual catch all for things that don’t ever go away. If you have thoughts on it, please weigh in.

Thus far, we are leaving the term definitions to the consumer. But we are generally working with them as variable as we run scenarios with variety.

The next step will be to build and publish a couple of quick and dirty sample curves for some common stolen data scenarios. Then, we will begin to generate the scoring mechanism and perhaps a questionnaire for doing the scoring on a more repeatable basis.

If you have thoughts, please weigh in via the comments or touch base with us on Twitter. I will be the main conduit for feedback (@lbhuston). 

Thanks for reading and this process is already proving helpful for some folks, so we enjoy working on it.