
Power Tools in Information Risk Management

Posted by Tim Casey on Sep 14, 2007 6:49:00 PM

In this audiocast, information security analyst Tim Casey talks about three tools used to help manage risks to sensitive information: risk assessments, risk modeling, and standardized threat agent characterizations. Along with other tools and methods, these three play an important part in managing Intel’s information security profile.

 



 

I love tools. I have a whole garage full of them. Big ones, small ones, ones with wicked sharp edges, ones for removing tiny splinters from fingers, and a few really heavy ones. My wife always wants me to clean some out, but how can I handle all the things that need fixing without a full tool complement? I especially like the power tools. Nothing says “massive amounts of impressive work” like the shouting-loud whir of a 3/4HP tool tearing through a piece of metal.

 

It occurred to me recently (while power-driving 3" nails into a joist for a new support) that in my work in information security at Intel, I need power tools there, too. Information security used to mostly mean adding passwords to accounts and stamping sensitive print-outs “Secret”; essentially, we could get by with just some simple security hand tools. Now we are dealing with increasingly complex environments and increasingly sophisticated attackers, so we need better and better tools to keep our information safe. Network scanners, intrusion-detection devices and the like are essential, but we also need tools that help us understand the big picture when it comes to overall information security risk. These risk management “power tools” help anticipate problems and concentrate limited security resources where they are needed most. The three I use most often are risk assessment, risk modeling, and our new Threat Agent Taxonomy & Library.

 

For more in-depth information, check out my new white paper Threat Agent Library Helps Identify Information Security Risks.

 

These are very useful tools, but as I mentioned, there are plenty more. I’m curious as to how much others use these techniques, as well as what other risk management tools or methods you are using. Are they home-grown or off-the-shelf? Are there any special adaptations you needed to make for your environment? Put on your safety goggles and let me know what infosec power tools you are using.



Feb 23, 2008 11:45 PM Guest Alpharetta Georgia Real Estate  says:

These are some great tools that we could use in our business to protect ourselves. I am curious as well to see what other people are using and whether they are homegrown or not.

Oct 24, 2008 5:36 AM Guest Angelina  says:

Yes, right now this is the big problem with businessmen. But as I know, there are also some great tools available on the market for business protection.

Mar 2, 2009 3:22 AM Guest Atlanta Houses Discounts  says:

Thanks for those tools. I have been using some, so I am really happy to be learning more from you. Thanks.

Jun 6, 2009 1:49 PM Guest Tampa Real Estate  says:

Thanks for these insights... The risk management area is getting hotter as we see so many losses across industries.

Jun 10, 2009 5:00 AM Guest small conservatories  says:

It is really a great tool to make your work easier.

Jun 11, 2009 3:01 AM Guest San Diego Luxury Homes  says:

There are a host of biometric security measures that we could easily make commonplace in our daily lives. I'd like to see eye scanners in the supermarket checkout lines... if they could come up with a good way to keep them sanitary. The most common security tool that I carry is a key fob that we use to enter encrypted passwords into the San Diego MLS. The only problem... the quartz crystal display is prone to breakage.

Thanks for your post!

Sep 6, 2009 8:24 PM Guest Michael Bussio  says:

As you may know, “most corporations actively manage enterprise risks that directly affect business organizations, such as credit, market, and operational risks. Credit risk, for example, has become an enormous industry—in 2008, banks will likely have spent near $8 billion on credit risk software alone.

Yet, most businesses spend far less energy on the assessment and management of political risk…Business decision makers, investors, and risk managers tend to ignore political risk until it produces a crisis—like the one that muddied Russian markets back in 1998.”

But my favorite example of what I am speaking about is Hughes Aircraft and Iran. I had heard years ago that Hughes Aircraft (when there was a Hughes Aircraft) had a department called “Strategic Planning”.  It could just as well be called the Risk Management Group, dealing with various scenario challenges. Be that as it may, this department at Hughes was made up of historians, economists, political scientists, and finance people.

The department charter was to report/write what I would call risk analysis reports. Specifically, one stands out in my mind, so the story goes. In 1978, this group warned the CEO to pull everything Hughes had out of Iran, and Hughes had plenty. The CEO did, and Hughes did not lose so much as one penny, unlike many other American corporations who lost a lot. And Hughes made this great savings in time, material, and personnel, thanks in large part to the Strategic Planning Department.

It is important to note that “with the increases in global economic integrations, trade, and capital mobility in recent decades, combined with growing political instability and government intervention in markets, there is a climate in which political risk is more relevant than ever to corporations and governments”. 

I hope Intel has such a department.