Risk Management Collection - NCSC Site
"Welcome to the NCSC's guidance on Risk Management for Cyber Security. In this collection, we'll be outlining the fundamentals of risk management, and describing techniques you can use to manage cyber security risks."
security  risk  risk_management  guidelines  government  cyber_security  dopost 
2 days ago by niksilver
An example of game theory in risk management | Norman Marks on Governance, Risk Management, and Audit
"One consultant from a major accounting firm suggested establishing a ‘risk appetite’. But management is not sure that means anything tangible to them. They believe that the right approach, with which I agree, is to understand the options, how they will change the risk at what cost, and then select from them the one or more that make good business sense."
risk_management  game_theory  uncertainty  dopost 
10 days ago by niksilver
The most important audits my team performed | Norman Marks on Governance, Risk Management, and Audit
"Internal auditors should understand that business is not about avoiding or limiting risk, it is about taking the right risk. I have learned that all internal auditors should consider themselves business people who have a job as internal auditors."
dopost  risk_management  auditing 
14 days ago by niksilver
A Deeper Dive into Spectre and Meltdown
"This is a follow up to 'Meltdown and Spectre: What They Are and How to Deal with Them' taking a deeper look at: the characteristics of the vulnerability and potential attacks, why it's necessary to patch cloud virtual machines even though the cloud service providers have already applied patches, the nature of the performance impact and how it's affecting real world applications, the need for threat modelling, the role of anti virus, how hardware is affected, and what's likely to change in the long term."
intel  security  hacking  dopost 
15 days ago by niksilver
“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws | Ars Technica
"The presence of the data in the cache can then be detected, because accessing it will be a little bit quicker than if it weren't cached. Other data structures in the processor, such as the branch predictor, can also be probed and have their performance measured, which can similarly be used to reveal sensitive information."
security  intel  amd  dopost 
19 days ago by niksilver
New bill could finally get rid of paperless voting machines | Ars Technica
"Some states already do post-election audits, but even here Halderman argues there's room for improvements. States can maximize the effectiveness of these audits and minimize costs by varying the size of each recount based on the victory margin."
statistics  elections  voting  security  usa  dopost 
19 days ago by niksilver
What’s behind the Intel design flaw forcing numerous patches? | Ars Technica
"Since the Linux patches first came to light, a clearer picture of what seems to be wrong has emerged. While Linux and Windows differ in many regards, the basic elements of how these two operating systems [...] handle system memory is the same..."
security  intel  linux  windows  macros  dopost 
20 days ago by niksilver
You don't ever deliver an Epic User Story even if your Agile tool says you do!
"Clear concise user requirements emerge throughout the journey of an agile project, and the "Epics" are just wrappers along the way."
agile  delivery  business_analysis  epics  backlogs  dopost 
20 days ago by niksilver
Measuring Ethical Culture – Tapping Into “Open Secrets” - The Protiviti View
"I can’t think of an internal investigation of corruption, fraud or misconduct in which the underlying conduct that was at the center of the need for the investigation wasn’t an “open secret” at the company."
ethics  compliance  culture  surveys  dopost 
24 days ago by niksilver
Identifying, assessing, and evaluating risk is the easy part | Norman Marks on Governance, Risk Management, and Audit
"Many ERM programs stop when they have identified a risk, determined its level, assigned an owner, and said what will be done about it. But they usually don’t provide a disciplined process for evaluating the options and identifying the new or modified risks that result from the decision on how to address the original risk – and, essentially, factoring that into the selection process."
risk_management  risk  management  standards  dopost 
27 days ago by niksilver
Chinese hackers go after think tanks in wave of more surgical strikes | Ars Technica
"The think tank attacks in October and November had all the hallmarks of a Chinese operation. The attackers worked largely during Beijing business hours, used tried-and-true (and widely available) tools, and were highly focused in their attempts to extract data."
china  hacking  security  phishing  dopost 
4 weeks ago by niksilver
Bitcoin: Seven questions you were too embarrassed to ask | Ars Technica
"One back-of-the-envelope calculation suggested that each bitcoin transaction uses 252kWh of electricity—enough to power a typical American home for eight days."
bitcoin  energy  dopost 
4 weeks ago by niksilver
Iced tea company rebrands as “Long Blockchain” and stock price triples | Ars Technica
"The stock market loved the announcement. Trading opened Thursday morning more than 200 percent higher than Wednesday night's closing price."
blockchain  weird  stock_market  dopost 
4 weeks ago by niksilver
Revenue and Customs Brief 9 (2014): Bitcoin and other cryptocurrencies - GOV.UK
"This brief sets out HM Revenue and Customs (HMRC) position on the tax treatment of income received from, and charges made in connection with, activities involving Bitcoin and other similar cryptocurrencies, specifically for VAT, Corporation Tax (CT), Income Tax (IT) and Capital Gains Tax (CGT)."
bitcoin  hmrc  tax  guidelines  dopost 
4 weeks ago by niksilver
'He began to eat Hermione's family': bot tries to write Harry Potter book – and fails in magic ways | Books | The Guardian
"After being fed all seven Potter tales, a predictive keyboard has produced a tale that veers from almost genuine to gloriously bonkers"
harry_potter  artificial_intelligence  humour  dopost 
5 weeks ago by niksilver
Is Bitcoin a bubble? Here’s what two bubble experts told us | Ars Technica
"Both academics saw clear parallels between the bubbles they've studied and Bitcoin's current rally. Bubbles tend to be driven either by new technologies (like railroads in 1840s Britain or the Internet in the 1990s) or by new financial innovations (like the financial engineering that produced the 2008 financial crisis)."
finance  bitcoin  history  dopost 
6 weeks ago by niksilver
Risk and Game Theory | Norman Marks on Governance, Risk Management, and Audit
"It is important to consider not only your actions but also those of the other parties. I will leave it to my friend, Ruth Fisher[i], to pick up the explanation of how Game Theory can help you assess the situation, understand and assess the risk, and then make an informed decision."
risk_management  game_theory  dopost 
7 weeks ago by niksilver
Slicing Pie | Slicing Pie, Perfect Equity Splits for Bootstrapped Startups
"Slicing Pie is a universal, one-size-fits all model that creates a perfectly fair equity split in an early-stage, bootstrapped start-up company."
equity  startups  negotiating  dopost 
7 weeks ago by niksilver
Inside the Revolution at Etsy -
"The first time Josh Silverman addressed the staff of Etsy as their newly installed chief executive, he tried to connect with a work force known for its diversity, idealism and sincerity. “Hello,” he said. “My name is Josh. I identify as male. My preferred pronouns are ‘him’ and ‘he.’ Most people just call me Josh.”"
etsy  culture  change  dopost 
8 weeks ago by niksilver
