Home page logo

basics logo Security Basics mailing list archives

RE: Risk Assesment Tools
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Mon, 9 Jul 2012 10:16:19 -0400

Hello List,
I once wrote that risk assessment/estimate based on quantitative method is statistically incorrect. No vendor can claim 
having reliable statistics for following modeling. The problem is in infinite (and mostly unknown) security events and 
infinite number of exposures.  Try first answering how many malware species we have. If you can get such number then 
move to identify how each of them will affect each computer on this planet. And that is only a part of the proble. Next 
is to identify a monetary value of each security event on each computer.

So, do not trust automation tools when a vendor promises "value".

Qualitative method will work, because it is based on an expert's estimate and may involve personally collected 
statistics (yet of course unreliable), which gives a "value" but it is based only on personal understanding of risks 
and exposures. 


Mikhail Utin, CISSP, PhD

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ricardo Raga
Sent: Wednesday, July 04, 2012 8:00 AM
To: 'Anwar Khan'; security-basics () securityfocus com; pen-test () securityfocus com
Subject: RES: Risk Assesment Tools


Ricardo Raga
Segurança da informação - TI

Fast Solutions
Rua Heitor Peixoto, 681 - Cambuci
CEP:01543-001 - Sâo Paulo - SP

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]