Jason Miller, Executive Editor for FederalNewsRadio, write in his article, “Agencies to justify not using cloud computing to OMB” that OMB “will require agencies to develop an alternative analysis discussing how they could use cloud computing for all major technology projects for the fiscal 2012 budget.” This is according to an internal budget documents [...]
Read Full Post »
Posted in Aneesh Chopra, CCE, CPE, CVE, CVSS, Cloud Computing, IDS, Management, Metrics, NCP, NIST, OVAL, Policies, Risk, SCAP, Vulnerability, XCCDF on Aug 9th, 2009
“While the NSA has a great red-team (think pen-test) capability, they had a major change of heart and realized, like the rest of the security world (*cough* Ranum *cough*), that while attacking is fun, it isn’t very productive at defending your systems – there is much more work to be done for the defenders, and [...]
Read Full Post »
Recently I was asked if I could provide a few pointers to help in developing a risk assessment process for an organization. I thought I would share my response. First, I would like to draw your attention to the mind map image over to the left of this text. The mind map [...]
Read Full Post »
