So last night the family and I sat down and watched a little TV together for the first time in ages. We happened to settle on the X-Games on ESPN, purely because they were showing a sport that I can only describe as Artistic Snowmobile Jumping. Basically, these guys get on snowmobiles, jump them in [...]
Filed under: Uncategorized by alex on Saturday, January 30, 2010
1 Comment »
Their judgment was based on wishful thinking rather than on sound calculation of probabilities; for the usual thing among men, is when they want something, they will, without any reflection, leave that to hope; which they will employ the full force of reasoning in rejecting what they find unpalatable. — Thucydides
Filed under: Uncategorized by alex on Thursday, January 28, 2010
2 Comments »
The EFF is doing some measurement of browser uniqueness and privacy. It takes ten seconds. Before you go, why not estimate what fraction of users have the same transmitted/discoverable browser settings as you, and then check your accuracy at https://panopticlick.eff.org. Or start at http://www.eff.org/deeplinks/2010/01/help-eff-research-web-browser-tracking for a bit more detail.
Filed under: measurement, metrics by adam on Wednesday, January 27, 2010
No Comments »
Tried to embed, didn’t work. Here’s the link: http://www.brighttalk.com/webcasts/8093/attend
Filed under: Uncategorized by alex on Tuesday, January 26, 2010
No Comments »
Hi, If you like risk, risk management, and metrics, I’ll be giving an online presentation you might want to see tomorrow at 2 EST: Gleaning Risk Management Data From Incidents http://www.brighttalk.com/webcasts/8093/attend
Filed under: Uncategorized by alex on Monday, January 25, 2010
1 Comment »
Filed under: Uncategorized by alex on Sunday, January 24, 2010
No Comments »
A vivid image of Fear, Uncertainty, and Doubt (FUD), from an email promotion by NetWitness.
Filed under: Amusements by Russell on Wednesday, January 20, 2010
6 Comments »
Yesterday, I offered up a little challenge to suggest that we aren’t ready for a certification around understanding information risk. Today I want to mention why I think this CRISCy stuff is dangerous. What if how we’re approaching the subject is wrong? What if it’s mostly wrong and horribly expensive? I’m going to offer that [...]
Filed under: Science of Risk Management by alex on Wednesday, January 20, 2010
13 Comments »
Recently, ISACA announced the CRISC certification. There are many reasons I don’t like this, but to avoid ranting and in the interest of getting to the point, I’ll start with the main reason I’m uneasy about the CRISC certification: We’re not mature enough for a certification in risk management. Don’t believe me? Good for you, [...]
Filed under: Uncategorized by alex on Tuesday, January 19, 2010
57 Comments »
To improve threat intelligence, it’s most important to address the flaws in how we interpret and use the intelligence that we already gather. Intelligence analysts are human beings, and many of their failures follow from intuitive ways of thinking that, while allowing the human mind to cut through reams of confusing information, often end up misleading us.
Filed under: Doing it Differently, Links, Science of Risk Management by Russell on Monday, January 18, 2010
2 Comments »