I have a ton of tabs open in Firefox about stuff I thought would be some sweet newschool-esque reading for everybody out there. 1.) Threat and Risk Mapping Analysis in Sudan Not really about measurement and progress, but a fascinating look at “physical risk management” nonetheless: http://irevolution.wordpress.com/2009/04/09/threat-and-risk-mapping-analysis-in-sudan/ 2.) I thought Gunnar did a great job [...]
There was an interesting segement on NPR this morning, “Economy Got You Down? Many Blame Rating Firms” that covered amongst other things the risk model that Standard and Poors used to rate bonds and in specific mortgage backed ones. There are a few choice quotes in the story about how the organizations approached the models [...]
I haven’t had a chance to read it, but I’ll probably pick up “Absinthe and Flamethrowers: Projects and Ruminations on the Art of Living Dangerously” at some point, if only because of the author’s writing on the relationship between risk and happiness says something I’ve always suspected, that risk takers are happier than risk avoiders [...]
I found this short documentary about piracy around the Straits of Malaca to be an interesting view of the reality of pirate life as a last refuge of the unemployed fisherman to be an interesting counterpoint to the NPR Story, “Behind the Business Plan of Pirates, Inc.” which provides an altogether different view of the [...]
From Gelman’s blog: U.K. Sheriff Cites Officials for Serious Statistical Violations I don’t know if we need an “office” of information assurance in the government sector, but it would be nice to have some penalty on the books for folks who abuse basic common sense statistical principles. Of course, the *real* answer lies in education [...]
Hey everyone. I wanted to let you know that Rich, Adrian & Co. at Securosis are spearheading a research project called “Quant”. They currently have a survey up on survey monkey about Patch Management that they’d like participation in. If you can, please give thoughtful contribution to the survey. http://www.surveymonkey.com/s.aspx?sm=SjehgbiAl3mR_2b1gauMibQw_3d_3d There’s something about a registration [...]
Just for Adam, because I know he’ll *love* this. Was reading the “How to transform your ETL tool into a data quality toolkit” post on the data quality blog when I noticed something. In the graphic they’re presenting there: The.Pie.Chart.Spins. Which could be one of the most awesome data visualization abuses. ever.
The folks over at Voltage have released a really cool interactive map of breaches from around the world. Tools like this show how important having data is, just imagine how much more impressive and useful something like this could be if more people were willing to share data about breaches or other information security issues [...]
Check out Richard Bejtlich’s Information Security Incident Rating post. In it, he establishes qualitative, color-based scales for various asset-states in relation to the aggregate threat community. As Richard states, he’s not modeling risk, but rather he’s somewhat modeling half of risk (in FAIR terms, an attempt at TEF/LEF/TCap information, just not the loss magnitude side). [...]