December 2007
68 posts
The Visibility of Information Risk Management →
I picked up today’s WSJ and got a cold, hard dose of reality. In it is an article called “Data Security Breaches Reach a Record in 2007”. It’s a fairly retrospective article that discusses the four- to eight-fold increase in compromised records for EOY 2007 vs. EOY 2006 (the discrepancy in increase estimates is due to Attrition.org using deposition information from Visa & Mastercard in the...
test →
Considerations on risk modeling →
As Alex discussed a couple of weeks ago, Mike Rothman posted an article discussing concerns he has with risk management models. In his article, Mike reminds us that risk management is not a silver bullet, that we should only do as much risk modeling as is necessary in order to achieve our goals (I assume he means the organization’s goals), and that calculating risk to the Nth degree doesn’t keep...
@rmogull: Raving Rabbids 2 for wii is what the boys have been playing all day
My Brazilian Football name? "Huttisco" →
Developing a timeline. Tried using Numbers.app, now just winging it in OmniGraffle. Gotta love OmniGraffle. Oh, and Cut Copy is teh r0x3rZ
Staufs is now playing Get The Balance Right: http://tinyurl.com/yntsdv
@soldierant: you’re on. Somebody needs to bring a powerchord though!
Ah, Staufs dark roast
When Security Gets Cute →
From Engadget:
LG’s USB Vaccine. It’s a little USB stick with anti-malware! Isn’t that cute? It’s like a hypodermic for your PC!
@sharplefthander how long will you be @staffs? I’ll be there around 1pm
@soldierant you still@staffs?
HOLY CRAP: http://scalzi.com/whatever/?p=216
Risk, Art, & Science →
Recently the “Is Risk Management (sic) an art or science” meme has reappeared. Our response should be:
“Bzzt. Sorry, wrong question.”
Not only are they confusing two different disciplines (the study of risk with the study of the management of risk), but they are usually completely off base in their approach to the problem. Whenever I hear this question, three things come to mind:
1. SCIENCE...
@mcwresearch: “I don’t care how excrementally runny it is. Fetch hither the frommage de la belle France my good man!”
Buying bread from a man in Brussels - he was, 6’4” and full of muscles.
Despite “The Wedding Singer” Billy Idol should be taken out back and put out of his misery for his remake of “LA Woman”
@Beaker: I can’t stop you, I can only hope to contain you.
Data Centrism, De-Perimeterization, and Fanaticism →
First: yes, yes, we know. Rothman went and dissed risk analysis. At least Mike was kind enough to mention FAIR. A more reasoned response to that article may be coming in the next few days, but Mike does say one thing I’d like to address right now:
The reality is that nearly all risk-modeling approaches force you to make estimates based on assumptions that are in turn based on...
@bokardo: why is he dangerous? Got a blog post on it?
I admit it. I like Enterprise.
@bokardo: dang! Safari 3 just needs session saving for me to use it instead of Camino - still need Firefox for the web dev extension.
@bokardo: I promise I never had those issues with Bon Echo. Are you on 10.5?
@mcwresearch: It’s a low frequency risk, you’ll be fine ;)
@mcwresearch: So are the thieves at the TSA who inspect your baggage :)
@beaker: You’re just not right.
@Beaker: “Ouch, quit it.”
@soldierant: Japanese Spiderman is better (or at least authentic) http://tinyurl.com/2b5cvg
@bokardo: It’s built for intel (or g5) so it’s natively faster. You can also have aqua widgets :)
@bokardo: http://tinyurl.com/26rxzs
@mcwresearch: JK
@mcwresearch: No way, I’m 59.32.232.161 and I’m going to keep trying until my fingers bleed!!!
@mcwreseearch: No way, I’m 59.32.232.161 and I’m going to keep trying until my fingers bleed!!!
Great-er Depression coming: Yes or no?
@bokardo: Let me know if you need help. I do have a few great security contacts
Randomizing? →
I’m giving a FAIR training class until Friday, so some light link blogging for now:
Post by Yale economist Ian Ayres on the Freakonomics blog: “Why Don’t Sports Teams Use Randomization?”
Which begs the question, “Is randomization a tool we can use in our efforts to prevent/detect/respond?”
And of course, the bachelor Xmas Tree: http://tinyurl.com/3xphez
Funny Craigslist post: http://www.craigslist.org/about/best/phi/471580402.html
Some Serious Data Security Efforts →
If you haven’t seen Wired’s article on Pixar’s data security efforts, you should check it out. Apparently they can do their job under what most would consider draconian security policies. Pretty cool. Two things I would like to point out:
First, many of these efforts would be considered to be “risk management” by many (see this weekend’s blog post), myself included. But I think they would be...
quartz backgrounds on presentation crashes leopard. nice.
Security Management vs. Risk Management →
Security (Management)
Focuses on protection (prevention, detection, response)
Risk (Management)
is influencing the risk condition of an organization in a desired manner (by making well-informed decisions)
I really like that second bit. Influencing the risk condition of an organization.
What do you think?
The world will soon have 7 more new FAIR certified risk analysts. I’m stoked
Insomnia kind of sucks. But then again, I can get some work done
@soldierant you really should. Watch out for vultures though.
@bokardo that’s about my schedule. Tough at first, but worth it in the long run.
Finally set up Gmail IMAP and Mail.App to work together properly….
@wii Thanks for the Holiday Wii Giveaway! Wii Transfer looks cool: http://wiitransfer.com/
I’m here, at Staufs, waiting for my 8am to show. It’s, like, 12 degrees outside
@wii: I’d like to win a Wii, please!