http://communities.intel.com/community/openportit/it/blog IT@Intel Wed, 25 Nov 2009 18:36:30 GMT Clearspace 2.5.9 (http://jivesoftware.com/products/clearspace/) 2009-11-25T18:36:30Z http://communities.intel.com/community/openportit/it/blog/2009/11/25/who-should-start-the-data-security-revolution After posting the video and opinion paper It is Time for a Data Security Revolution! a reader posed a simple yet deep question.  GroogFish, in the YouTube video comments asked ...who is supposed to start this "revolution"?  As my response is a bit roi value information_security model risk matthew_rosenquist it security rosi optimal_security matthew rosenquist intel it@intel Wed, 25 Nov 2009 19:02:18 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/11/25/who-should-start-the-data-security-revolution 2009-11-25T19:02:18Z 3 days, 7 hours ago http://communities.intel.com/community/openportit/it/blog/comment/who-should-start-the-data-security-revolution http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12893 http://communities.intel.com/community/openportit/it/blog/2009/11/13/taking-back-the-security-initiative Threat agents maintain the initiative and we respond to restore balance. The bad guys innovate, find exposures, and use technology which they can leverage to achieve their objectives.  They take the first step, set the tempo, and lead this wicked threat security roi value rosi information_security intel_it strategy optimal matthew_rosenquist matthew rosenquist it optimal_security model risk it@intel Fri, 13 Nov 2009 19:21:37 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/11/13/taking-back-the-security-initiative 2009-11-13T19:21:37Z 2 weeks, 1 day ago http://communities.intel.com/community/openportit/it/blog/comment/taking-back-the-security-initiative http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12842 http://communities.intel.com/community/openportit/it/blog/2009/10/22/how-to-value-digital-assets Russell C Thomas delivers a great post on How to Value Digital Assets .  It covers many basics and more importantly gives a good direction to take while spotlighting common pitfalls in the valuation journey. “This tutorial article presents one method security roi rosi information_security optimal_security model matthew rosenquist asset value risk matthew_rosenquist intel it it@intel Thu, 22 Oct 2009 19:05:38 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/10/22/how-to-value-digital-assets 2009-10-22T19:05:38Z 1 month, 1 week ago 2 http://communities.intel.com/community/openportit/it/blog/comment/how-to-value-digital-assets http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12736 http://communities.intel.com/community/openportit/it/blog/2009/10/20/is-data-security-really-that-bad With a painful taste of irony, it was recently reported that the Ministry of Defense's (MoD) manual explaining how to prevent leaks, was itself leaked.  Source: The telegraph.co.uk   "The Defense Manual of Security is intended to help MoD, armed value information_security risk it@intel information roi rosi intel security model matthew rosenquist it data optimal_security matthew_rosenquist Tue, 20 Oct 2009 20:33:55 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/10/20/is-data-security-really-that-bad 2009-10-20T20:33:55Z 1 month, 1 week ago http://communities.intel.com/community/openportit/it/blog/comment/is-data-security-really-that-bad http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12720 http://communities.intel.com/community/openportit/it/blog/2009/07/09/the-sad-story-of-information-security-risk-metrics Risk metrics are the heart and soul of information security indicators.  An increasing proliferation of tools and assessments has emerged, attempting to quantify states of information security.  Given the nature of what is trying to be measured, this is openportpromo rosi roi value information_security threat measure security optimal_security model risk matthew_rosenquist matthew rosenquist metric Thu, 09 Jul 2009 17:27:47 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/07/09/the-sad-story-of-information-security-risk-metrics 2009-07-09T17:27:47Z 4 months, 3 weeks ago 1 http://communities.intel.com/community/openportit/it/blog/comment/the-sad-story-of-information-security-risk-metrics http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12333 http://communities.intel.com/community/openportit/it/blog/2009/07/07/explaining-the-value-of-security-spending--video Measuring the Return on Investment (ROI) of information security is challenging but not impossible.  It is important to understand the necessary components and how they interrelate.  In this brief video, I discuss one way of expressing value in relation optimal_security roi matthew_rosenquist rosenquist openportpromo risk security value rosi information_security model Tue, 07 Jul 2009 17:42:45 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/07/07/explaining-the-value-of-security-spending--video 2009-07-07T17:42:45Z 4 months, 3 weeks ago http://communities.intel.com/community/openportit/it/blog/comment/explaining-the-value-of-security-spending--video http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12326 http://communities.intel.com/community/openportit/it/blog/2009/06/23/can-optimal-and-flexible-security-be-mandated I was recently trading thoughts with Anton Chuvakin, a respected security metrics professional, in a philosophical discussion of perfection and quality of security.  Admittedly, I was on auto-pilot (operating without the benefit of coffee) rattling away model risk matthew_rosenquist openportpromo strategy optimal roi rosi information_security matthew security value optimal_security rosenquist Tue, 23 Jun 2009 17:51:04 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/06/23/can-optimal-and-flexible-security-be-mandated 2009-06-23T17:51:04Z 5 months, 1 week ago 1 http://communities.intel.com/community/openportit/it/blog/comment/can-optimal-and-flexible-security-be-mandated http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12287 http://communities.intel.com/community/openportit/it/blog/2009/06/12/strategy-for-sustaining-optimal-security Optimal security must not only be attained, but also sustained over time.  A good security strategy must be forward thinking to understand how intervention and continual maintenance will be needed, then implement those capabilities as part of a complete openportpromo it it@intel strategy model rosi matthew_rosenquist information_security corporate_security intel_it optimal_security roi security value risk rosenquist Fri, 12 Jun 2009 22:14:16 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/06/12/strategy-for-sustaining-optimal-security 2009-06-12T22:14:16Z 5 months, 2 weeks ago http://communities.intel.com/community/openportit/it/blog/comment/strategy-for-sustaining-optimal-security http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12269 http://communities.intel.com/community/openportit/it/blog/2009/04/20/has-the-value-of-patch-management-disappeared Is the value of patch management decreasing?  Some experts say, due to a rise in privately held vulnerabilities, the value of patch management is eroding.  Others feel patching is losing the race and becoming too little and too late with the rapid patching roi matthew_rosenquist it@intel patch strategy value rosi information_security risk optimal_security security model rosenquist it intel_it Mon, 20 Apr 2009 18:16:13 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/04/20/has-the-value-of-patch-management-disappeared 2009-04-20T18:16:13Z 7 months, 1 week ago 4 http://communities.intel.com/community/openportit/it/blog/comment/has-the-value-of-patch-management-disappeared http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=12077 http://communities.intel.com/community/openportit/it/blog/2009/03/02/top-techniques-for-measuring-security-value Choosing the right method to measure security value is important but not necessarily intuitive.   Some years ago, at the prodding of our department training expert, I developed a class teaching how to think critically while calculating information security model rosi information_security value rosenquist risk measure roi matthew_rosenquist metric optimal_security Mon, 02 Mar 2009 19:06:46 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2009/03/02/top-techniques-for-measuring-security-value 2009-03-02T19:06:46Z 9 months, 1 day ago 1 http://communities.intel.com/community/openportit/it/blog/comment/top-techniques-for-measuring-security-value http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=11937 http://communities.intel.com/community/openportit/it/blog/2008/12/11/how-security-programs-reduce-loss Most security programs show value by either reducing the number of incident occurrences or reducing the impact of those incidents.Understanding where a program draws its value and how it fits in a defense-in-depth strategy, gives insights to where it security roi value rosi information_security defense_in_depth optimal_security model risk matthew_rosenquist rosenquist Thu, 11 Dec 2008 23:54:28 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2008/12/11/how-security-programs-reduce-loss 2008-12-11T23:54:28Z 11 months, 3 weeks ago http://communities.intel.com/community/openportit/it/blog/comment/how-security-programs-reduce-loss http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=11759 http://communities.intel.com/community/openportit/it/blog/2008/11/14/fortune-cookie-security-advice-november-2008 Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to security roi value rosi information_security optimal_security model risk matthew_rosenquist rosenquist policy defense_in_depth threat Fri, 14 Nov 2008 19:11:47 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2008/11/14/fortune-cookie-security-advice-november-2008 2008-11-14T19:11:47Z 1 year, 2 weeks ago http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice-november-2008 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=11704 http://communities.intel.com/community/openportit/it/blog/2008/09/17/fortune-cookie-security-advice-september-2008 Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to threat security roi value rosi information_security optimal_security model risk matthew_rosenquist rosenquist policy defense_in_depth Wed, 17 Sep 2008 18:12:10 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2008/09/17/fortune-cookie-security-advice-september-2008 2008-09-17T18:12:10Z 1 year, 2 months ago http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice-september-2008 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=11529 http://communities.intel.com/community/openportit/it/blog/2008/08/25/fortune-cookie-security-advice-august-2008 Everyone wants information security to be easy. Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to security roi value rosi information_security optimal_security model risk matthew_rosenquist rosenquist policy Mon, 25 Aug 2008 17:27:54 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2008/08/25/fortune-cookie-security-advice-august-2008 2008-08-25T17:27:54Z 1 year, 3 months ago http://communities.intel.com/community/openportit/it/blog/comment/fortune-cookie-security-advice-august-2008 http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=11464 http://communities.intel.com/community/openportit/it/blog/2008/08/25/are-security-roi-figures-meaningless Recently, security expert Bruce Schneier expounded security ROI figures were meaningless! Is it true? Well, yes and no.   The brutal truth. Well respected information security expert Bruce Schneier recently provided a stark opinion regarding the model risk matthew_rosenquist rosenquist security roi value rosi information_security optimal_security Mon, 25 Aug 2008 14:56:19 GMT matthew.rosenquist@intel.com http://communities.intel.com/community/openportit/it/blog/2008/08/25/are-security-roi-figures-meaningless 2008-08-25T14:56:19Z 1 year, 6 months ago 8 http://communities.intel.com/community/openportit/it/blog/comment/are-security-roi-figures-meaningless http://communities.intel.com/community/openportit/it/blog/feeds/comments?blogPost=11138