tag:blogger.com,1999:blog-57971851064079378712011-04-21T20:40:45.423-07:00Stephen Hatfieldhttp://www.blogger.com/profile/09582518811181910799noreply@blogger.comBlogger11100tag:blogger.com,1999:blog-5797185106407937871.post-63409410097267874812008-06-22T14:35:00.000-07:002008-06-22T15:09:09.680-07:00Welcome to Stephen Hatfield's blog - musings on information security and life in general.<br /><br /><strong>Risks and Security Modelling</strong><br /><br />As an active consultant in the information security field I took the plunge earlier this year and returned to academia part time and am currently taking an MSc in Software Engineering at <a href="http://www.softeng.ox.ac.uk/">Oxford University</a>. Oxford have rounded out their portfolio of security courses since I last studied there and it has been particularly interesting to particpate in the <a href="https://www.softeng.ox.ac.uk/subjects/DES.html">Security Design</a>, <a href="https://www.softeng.ox.ac.uk/subjects/RIS.html">Risk Analysis </a>and <a href="https://www.softeng.ox.ac.uk/subjects/PAS.html">People and Security </a>modules. To date the quality of the lecturers has been excellent - partly assisted by the topicality of the subject matter as we have discussed a number of issues in the news, including of course the significant data losses in the UK by public and private organisations.<br /><br />The risk analysis module included some practical demonstrations of tools which are available to the risk analyst:<br /><a href="http://www.infogov.co.uk/">Proteus</a><br /><a href="http://msdn.microsoft.com/en-us/security/aa570413.aspx">Microsoft Threat Analyser</a><br />Although each of these has particular uses they illustrate that there is still a long way to go in being able to manage the complexity of modelling and managing risk for an enterprise.<br /><br />A follow up cursory search doesn't give me a warm feeling that industry is addressing this in a way that will meet our needs in the future as the risk landscape shifts in favour of the attackers.<br /><br />Something to ponder then, what would better look like? And how would we get it into the hands of the people who need it?<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5797185106407937871-6340941009726787481?l=insecurecomms.blogspot.com' alt='' /></div>Stephen Hatfieldhttp://www.blogger.com/profile/09582518811181910799noreply@blogger.com0