Comments on: Black Swan-Proof InfoSec? http://newschoolsecurity.com/2009/04/black-swan-proof-infosec/ The Blog Inspired By The Book Thu, 11 Mar 2010 18:24:24 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Luke O'Connor http://newschoolsecurity.com/2009/04/black-swan-proof-infosec/#comment-50 Luke O'Connor Sun, 03 May 2009 23:12:48 +0000 http://newschoolsecurity.com/?p=82#comment-50 hi, I would just like to comment on the first point "1. What is fragile should break early while it is still small. Nothing should ever become too big to fail." which seems quite relevant to IT, and CII in particular. You mentioned network security but the problem is more general as Marcus Ranum has recently posted on. CII is now on the risk landscape of the World Economic Forum as a major risk, in terms of money and loss of life (see the 2008 report). Over time the impact or a worst case failure has grown, and will keep increasing. I am not sure how to measure the fragility of CII but as Ranum remarks, even a contant failure rate/probability given an increasing impact is bad news. Web 2.0 can't be a good omen either, with facebook having 150 million users - something this large cannot afford to fail. regards Luke hi, I would just like to comment on the first point

“1. What is fragile should break early while it is still small. Nothing should ever become too big to fail.”

which seems quite relevant to IT, and CII in particular. You mentioned network security but the problem is more general as Marcus Ranum has recently posted on. CII is now on the risk landscape of the World Economic Forum as a major risk, in terms of money and loss of life (see the 2008 report). Over time the impact or a worst case failure has grown, and will keep increasing. I am not sure how to measure the fragility of CII but as Ranum remarks, even a contant failure rate/probability given an increasing impact is bad news. Web 2.0 can’t be a good omen either, with facebook having 150 million users – something this large cannot afford to fail.

regards Luke

]]>