Our Blog
2021 (3)
2020 (30)
2019 (10)
2018 (14)
2017 (27)
2016 (22)
2015 (17)
2014 (15)
2013 (30)
2012 (27)
2011 (33)
2010 (36)
2009 (81)
2008 (75)
2007 (80)
Categories
Categories
Account takeover (1)
Javascript (2)
Xss (1)
Chain (1)
Ios (7)
Mobile (17)
Objection (2)
Binary (1)
Docker (3)
Tool (4)
Attack (1)
Pwn (1)
Games (2)
Sensecon 2020 (2)
Api (1)
Code (1)
Json (1)
Sensecon2020 (2)
Swagger (1)
Fun (60)
Hardware (7)
Playstation (2)
Reversing (17)
Dual-pod-shock (1)
Dualsense (1)
Dualshock (1)
Sony (1)
Stutm (1)
Av evasion (3)
Hackathon (2)
Sensecon (1)
Automation (1)
Coding (1)
Conferences (92)
Forpoland (1)
Email (1)
Python (10)
Cracking (3)
Encodings (2)
Hashcat (2)
Passwords (2)
Wifi (11)
0day (4)
Dll hijacking (1)
Privilege escalation (1)
Grafana (1)
Hipster (2)
Pi (1)
Pihole (1)
Traefik (1)
Acl (2)
Active directory (6)
Directaccess (1)
Kerberos resource-based constrained delegation (1)
Rubeus (2)
Blackhat (44)
Networking (3)
Routopsy (1)
Talks (1)
About:us (47)
Powershell (4)
Genericwrite (1)
Rcm (1)
Blue team (1)
Digital forensics (1)
Suricata (1)
Redteam (4)
Rce (2)
Source code review (1)
Authentication (1)
Tools (79)
Training (57)
#4poland (1)
Android (5)
Amsi (1)
Bypass (4)
Browser (2)
Chrome (2)
Exploit development (4)
Vulnerability research (2)
V8 (2)
Vulnerability (3)
Webapps (14)
Dos (1)
Monitor (1)
Network (1)
Poc (1)
Proofofconcept (1)
Prtg (1)
Prtg network monitor (2)
Shodan (1)
Usb (3)
Ctf (1)
Anti-virus (2)
Malware (3)
Persistence (1)
Post-exploitation (5)
Sysmon (1)
Windows (6)
Abuse (2)
Research (73)
Smartcards (1)
Windows events (1)
Forgery (1)
Impersonation (1)
Smartcard (1)
Internals (5)
Bloodhound (1)
Dacls (1)
Mimikatz (1)
Powerview (1)
Browsers (1)
Exploitation (1)
Reverse engineering (2)
Internal (2)
Radio (1)
Real-world (20)
Rf (2)
Shells (5)
Doom (1)
Frida (4)
Sensecon 2019 (1)
Cve (5)
Exploit (13)
Variant analysis (1)
Code analysis (1)
Cve-2019-15937 (1)
Cve-2019-15938 (1)
Ql (1)
Semmle (1)
Metasploit (5)
Meterpreter (1)
Defcon (8)
Relay (1)
Rogue-ap (5)
Cve-2019-0547 (1)
Cve-2019-0726 (1)
Dhcp (1)
Kb4480966 (1)
Patch diffing (1)
Diffing (1)
Protocol (1)
Backdoor (3)
Lsass (1)
Password (1)
Deepdive (2)
Mac (16)
Cve-2018-19204 (1)
Web application (1)
How-to (4)
Howto (23)
Webassembly (1)
Opsec (1)
Tin-foil-hat (8)
Command execution (1)
Dns (1)
Experiment (2)
Ioc (1)
Tunnelling (2)
Mitm (5)
Heap (7)
Heap linux (7)
Heap overflow (4)
Apngopt (2)
Exploitaion (4)
Bash (1)
Curl (1)
Efficiency (1)
Shell (1)
Mq (1)
Detection (1)
Analysis (13)
Build-it (5)
Interception (1)
Tricks (6)
Sdr (3)
Gdb (1)
Apng (1)
Double free (2)
Linux (4)
Automated network scanner (2)
Challenge (4)
Bsides (1)
Go go go (1)
Screenshot (1)
Crypto (9)
Office (1)
Burp (1)
Certificates (2)
Defence (1)
Skimmers (1)
Materials (5)
Pwnage friday (1)
Painless (1)
Ptmalloc2 (1)
Apache server (1)
Fuzzing (1)
Httpd (1)
Afl (1)
Cve-2017-7668 (1)
Printf (1)
Ook (1)
External (1)
Troopers (1)
Empire (3)
Programming (19)
B-sides (5)
Nmap (2)
Presentations (9)
Dll injection (1)
Hooking (2)
Maltego (6)
Snoopy (3)
Pentest (6)
Defense (3)
Infrastructure (5)
Blackbox (1)
Ransomware (1)
Skype (3)
Transforms (1)
Zacon (1)
Willemluvscuddles (1)
Clickjacking (2)
Hipsterlurv (1)
Jack (1)
Ssl (1)
.za (3)
Jobs (5)
Product (4)
#legit (1)
Press release (4)
Interns (1)
Broadview (4)
Xml (1)
Malware analysis (1)
44con (6)
Show-off (1)
Z-force (1)
Z-wave (1)
Infosec-soapies (26)
Local (8)
Silly-yammerings (21)
Google (1)
Memory analysis (1)
Footprinting (2)
Privacy (7)
Community (21)
Surveillance (1)
Solution (1)
Rsa (1)
Secureid (1)
Crest (1)
Sap (2)
Threat modelling (6)
Rambling (2)
Uk (2)
Zaprize (2)
Auditors (1)
Metrics (3)
Risk management (2)
Vendors (7)
Metricon (2)
Report-info (1)
Uncon (2)
Windows phone (1)
Auctions (1)
Penny (1)
Pickle (4)
Consulting (1)
Policy (1)
Ccdcoe (1)
Estonia (1)
.ac.za (1)
Vulnerability management (10)
Travel (2)
Suru (1)
Cloud (12)
Memcached (2)
Management (1)
Risk (1)
Proxy (1)
Hackrack (2)
Goodbye (1)
Fail (3)
Imsojaded (2)
Pci (2)
Videos (6)
Hope? (2)
Wasc (1)
Security-news (6)
Mindless-politics (4)
Security-fyi (8)
Qo[w|m|?] (4)
Time-waster (6)
Tech-toys (3)
Zen-hacking (3)
Foos (1)
Readme (1)
Web_x.0 (2)
Mindmaps (1)
Writing-advice (1)
Close
Squinting at Security Drivers and Perspective-based Biases
Reading time: ~12 min
Posted by Dominic White on 28 October 2011
Categories:
Auditors
,
Metrics
,
Risk management
,
Threat modelling
,
Vendors
While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are...