The big news last week was the U.S. officially calling out the PRC for putting backdoors in telecom equipment. So how many of you are shocked? I'm just shocked it took this long to come out officially. [2-3]
If anyone is looking for good Loss Event Frequency (LEF) data surrounding data breaches, check out the Chronology of Data Breaches site. You can slice and dice this data in many ways. It should be helpful in any FAIR analysis you do on the subject.
Speaking of FAIR and risk assessment methodologies, SecureState has issued a new risk framework called iRisk. Being a FAIR fanboy, I applaud their effort, but I warn you that this seems to be a qualitative system pretending to be a quantitative system. That isn't necessarily a bad thing, but be aware of it. I had an interesting conversation with @slandail about how risk management evolves in organizations. He suggests, and I agree, that this kind of qualitative assessment is part of the evolution of a risk management system. You have to live through it for a little while in order to understand its capabilities and whether your organization needs more. I argue it's not completely worthless if it gets you thinking about risk consistently. Based on Jeff Lowder's response on the SIRA Blog, he'd disagree. Tell me what you think in the comments.
And, for some recreational reading, take some time to read the article on the CIA burglar that went bad.