Fellow infosec pros,
Tim Bass recently posted a stimulating entry to his blog proposing a top ten list of information security threats - not "risks" but threats specifically. This struck me as an interesting idea and an opportunity to add some depth to the rather banal top ten IT security risks lists that appear every new year. So, shamelessly extending a good idea, I've set up a shared document on Google Documents and now invite you to participate in a collaborative project to draw up a more meaningful list of current infosec risks, starting with separate lists of threats, vulnerabilities and impacts, then working on the risks, and finally the controls and conclusion.
If you would like to get involved, please check the shared document as it stands today and then email me (Gary@isect.com) to add you to the list of users with update access to the shared doc. Google Docs is cool but if you can't be bothered to update the doc yourself, just email me with your comments and I'll have a go. I'm particularly interested in emerging trends, as perceived by qualified information security professionals rather than journalists and marketers. What are you working on today and what do you expect to be doing in the year ahead?
I'm planning to publish the finished item on the Web under a Creative Commons license on or before Jan 1st 2008, acknowledging all contributors. Please don't ask me if you can earn CPEs for this though!
UPDATE Dec 19th: the lists of threats, vulnerabilities and impacts are nearing completion so it's time to make a start on pulling things together as "risks". See the shared paper as it stands today and by all means have your say - pop a comment below if you like.