Alex Hutton

About

Hi. This is my personal weblog. I also write at:

http://www.newschoolsecurity.com
http://securityblog.verizonbusiness.com


    Some Quick Stuff

    First, interesting quote from Overcoming Bias:

    Harry Truman famously longed for a “one-handed economist,” who would not say “on one hand, on the other hand.” … When economists choose between communicating (a) nothing, or (b) simplified but roughly accurate conclusions, they seem strangely to prefer (a).

    Your task today? Replace “economist” with “risk analyst” - I’ll bet your business is longing for a one-handed risk analyst.

    Second, a funny anecdote that builds off Mark Curphey’s interesting post about stock price dips (a “data mashup” comparing yesterday’s false Apple rumor vs. TJX). I had coffee this morning with a friend who is a security professional and does some R&D work on the threat community at large. He relates this interesting story that happened not too long ago.

    This friend of mine (whitehat) is on some hacker IRC in the South Pacific. He’s talking to a guy in South America with whom he’s got an amount of trust. The guy goes, “Hey, I have 75 World of Warcraft accounts - high level characters, plenty of goodies - would you like to buy them, only $50 each?” My friend has no interest in WoW accounts, and really isn’t going to deal in hacked accounts (he is a whitehat after all), so he politely declines but, for entertainment/research purposes, asks about credit card info. They negotiate the desired credit limits and such and settle on $2.50 per card (my friend, of course, doesn’t buy the hacked accounts; this is just R&D).

    Moral of the story: a well-groomed WoW account is twenty times more valuable on the market than a high limit credit card. So fake money is more expensive than real money, and rumors have more impact than actual damaging events. Now that’s market efficiency.

    (via RiskAnalys.is)



    May 17, 2007, 8:28am