White Paper: W102 – SABSA Risk Management Part One – The Meaning of Risk, has been published by The SABSA Institute and is now available on members release. Public release will follow in September 2018. W102 is an introduction to the SABSA view of risk from a philosophical and existential point of view. It is a preparatory tutorial for the […]
Tag: #Risk
The Attributer’s Blog – Cyber Secured
We live in ‘smart world’ with the deployment of cyber technology all around us, and yet as a society and as governments there is a huge amount of denial of what this might mean in terms of risk. Are we really being so smart? We have a collective fear of the effects of climate change on human society, because we […]
The Attributer’s Blog – Business Context Aligned
The British Computer Society June newsletter featured an article by Neil Cordell. The article opens with the following statement: “When it comes to dealing with cyber security, technologists must focus more on threats and controls and less on risk”. Mr. Cordell is concerned that implementing security controls is entirely in the hands of technologists, who have no real idea of […]
The Attributer’s Blog – Patched
In the previous issue of this article we looked at the SABSA Business Attribute ‘Risk Managed’, taking the very highest level ‘helicopter view’. In this issue we shall examine a detailed technical example – looking from the bottom up, rather than from the top down. Software patching is a standard security measure for maintaining the integrity of IT systems, and […]
The Attributer’s Blog – Risk Managed
Ever since the very first version of the SABSA Business Attributes taxonomy developed in early 2000, one of those attributes has been ‘risk managed’. Fourteen years later one might ask the question: “What does that mean? Surely SABSA is all about risk management. One might as well say SABSAised.” Yes, that would be a fair comment, because the evolution of […]
The Attributer’s Blog – Owned
One of the thorniest issues in information security is the matter of ownership. Who is the owner of the data/information? In SABSA this is especially important because the owner will be the person who makes policy about how that data/information should be protected, against which threats, and for exploiting which opportunities. An owner is a domain authority for all data/information […]
The Attributer’s Blog – Valuable
In this issue we shall look at a SABSA Business Attribute that is especially slippery in its character: the attribute ‘valuable’. Value is measureable, but how reliable are those measurements? That’s the slippery bit. The concept of ‘value’ is closely coupled with risk. The concept of ‘risk appetite’ is also involved. This is best explored through a series of case […]