Posts

Showing posts from February, 2014

toolsmith: SimpleRisk - Enterprise Risk Management Simplified

Image
Prerequisites/dependencies LAMP/XAMPP server
Introduction Our editorial theme for February’s ISSA Journal happens to be Risk, Threats, and Vulnerabilities which means that Josh Sokol’s SimpleRisk as our toolsmith topic is bona fide kismet. I am a major advocate for simplicity and as the occasional practitioner of simpleton arts, SimpleRisk fits my needs perfectly. SimpleRisk is a free and open source web application, released under Mozilla Public License 2.0, and is extremely useful in performing risk management activities. In my new role at Microsoft, I’m building, with a fine team of engineers, a Threat Intelligence and Engineering practice. This effort is intended to be much more robust than what you may currently understand to be Threat Intelligence. Limiting such activity to monitoring threat feeds, deriving indicators of compromise, and reporting out findings is insufficient to cover the vast realm of risk, threats, and vulnerabilities. As such, we include constant threat assessm…