Evidence Based Risk Assessment: Lessons Learned from the Y-12 Breach

My approach to risk assessment always includes analysis of actual breaches in an industry similar to the client industry.  This is the evidence-based component of risk analysis.  On July 28, 2012, three protesters broke into the Y-12 Highly Enriched Uranium Manufacturing Facility (HEUMF) in Oak Ridge, Tennessee.  While you may not run a nuclear complex,…


Cloud Vulnerabilities

On May 31, the Cloud Security Alliance released a white paper entitled “Cloud Computing Vulnerability Incidents:  A Statistical Overview”.  This paper analyzes published cloud vulnerabilities reported in the news media from 2008 to 2011.  A total of 172 unique cloud incidents were analyzed to determine root cause and attribution.  The overall mission of the analysis was to…


Ideas on Risk Management

The recent financial meltdown has led me to give some thought to information security risk management processes.  After all, these originated in the financial community in the distant past.  So where does this leave today’s security practitioner?  Are risk management processes for IT security valid?  Are we putting our businesses at higher risk for failures? A recent article…
