Human Error and Incremental Risk
by Chandler on February 23, 2010
As something of a follow-up to my last post on Aviation Safety, I heard this story about Toyota’s now very public quality concerns on NPR while driving my not-Prius to work last week. Driving a Toyota may seem like a (…)
Human Error
by Chandler on February 22, 2010
In his ongoing role of “person who finds things that I will find interesting,” Adam recently sent me a link to a paper titled “THE HUMAN FACTORS ANALYSIS AND CLASSIFICATION SYSTEM–HFACS,” which discusses the role of people in aviation accidents. (…)
Pie charts are not always wrong
by adam on February 22, 2010
In a comment, Wade says “I’ll be the contrarian here and take the position that using pie charts is not always bad.” And he’s right. Pie charts are not always bad. There are times when they’re ok. As Wade says (…)
Symantec State of Security 2010 Report Out
by alex on February 22, 2010
http://www.symantec.com/content/en/us/about/presskits/SES_report_Feb2010.pdf Thanks to big yellow for not making us register! Oh, and Adam thanks you for not using pie charts…
The Visual Display of Quantitative Information
by adam on February 18, 2010
In Verizon’s post, “A Comparison of [Verizon's] DBIR with UK breach report,” we see: Quick: which is larger, the grey slice on top, or the grey slice on the bottom? And ought grey be used for “sophisticated” or “moderate”? I’m (…)
Adam & Andy Jaquith: A conversation
by adam on February 16, 2010
In December, Andy Jaquith and I had a fun conversation about info security with Bill Brenner listening in. The transcript is at “Meeting of the Minds,” and the audio is here.
Measuring the unmeasurable — inspiration from baseball
by Russell on February 15, 2010
The New School approach to information security promotes the idea that we can make better security decisions if we can measure the effectiveness of alternatives. Critics argue that so much of information security is unmeasurable, especially factors that shape risk, that quantitative (…)
Happy Valentine’s Day!
by alex on February 14, 2010
They say that Y equals m-x plus b (well, when you remove the uncertainty). So let me reveal a secret confession: You’re the solution to my least squares obsession. stolen from the applied statistics blog
Open Security Foundation Looking for Advisors
by adam on February 13, 2010
Open Security Foundation – Advisory Board – Call for Nominations: The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer (…)
Best Practices for Defeating the term “Best Practices”
by adam on February 12, 2010
I don’t like the term “Best Practices.” Andrew and I railed against it in the book (pages 36-38). I’ve made comments like “torture is a best practice,” “New best practice: think” and Alex has asked “Are Security “Best Practices” Unethical?” (…)