As a part of my new role with RiskLens, I’ve been publishing several articles. Included here is a recap of my work over the past month:
- The ZombieLoad speculative execution bug raised the specter of a possible 40% hit in performance. I gave a plan to evaluate this new bug in the context of risk trade-offs here and here.
- For the @ISACA newsletter, I wrote about the importance of understanding business processes when conducting risk analyses. The specific list of business concepts I thought were important are included in the article here and RiskLens promoted it here (where they called me a security nerd LOL).
- I presented on integrating FAIR into the HITRUST CSF model along with Jason Martin from Highmark Health. The slides from this presentation are here.
- The new DHS Binding Operational Directive requires accelerated patching for critical and high security vulnerabilities. My thoughts on this are here for Homeland Security Today.