Human Error and Incremental Risk

by Chandler on February 23, 2010

As something of a follow-up to my last post on Aviation Safety, I heard this story about Toyota’s now very public quality concerns on NPR while driving my not-Prius to work last week. Driving a Toyota may seem like a (…)


Human Error

by Chandler on February 22, 2010

In his ongoing role of “person who finds things that I will find interesting,” Adam recently sent me a link to a paper titled “THE HUMAN FACTORS ANALYSIS AND CLASSIFICATION SYSTEM–HFACS,” which discusses the role of people in aviation accidents.  (…)


Pie charts are not always wrong

by adam on February 22, 2010

In a comment, Wade says “I’ll be the contrarian here and take the position that using pie charts is not always bad.” And he’s right. Pie charts are not always bad. There are times when they’re ok. As Wade says (…)


Symantec State of Security 2010 Report Out

by alex on February 22, 2010

http://www.symantec.com/content/en/us/about/presskits/SES_report_Feb2010.pdf

Thanks to big yellow for not making us register! Oh, and Adam thanks you for not using pie charts…

The Visual Display of Quantitative Information

by adam on February 18, 2010

In Verizon’s post, “A Comparison of [Verizon’s] DBIR with UK breach report,” we see: Quick: which is larger, the grey slice on top, or the grey slice on the bottom? And ought grey be used for “sophisticated” or “moderate”? I’m (…)


Adam & Andy Jaquith: A conversation

by adam on February 16, 2010

In December, Andy Jaquith and I had a fun conversation about info security with Bill Brenner listening in. The transcript is at “Meeting of the Minds,” and the audio is here.

Measuring the unmeasurable — inspiration from baseball

by Russell on February 15, 2010

The New School approach to information security promotes the idea that we can make better security decisions if we can measure the effectiveness of alternatives.  Critics argue that so much of information security is unmeasurable, especially factors that shape risk, that quantitative (…)


Happy Valentine’s Day!

by alex on February 14, 2010

They say that Y equals m-x plus b
(well, when you remove the uncertainty).
So let me reveal a secret confession:
You’re the solution to my least squares obsession.

stolen from the applied statistics blog

Open Security Foundation Looking for Advisors

by adam on February 13, 2010

Open Security Foundation – Advisory Board – Call for Nominations: The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer (…)


Best Practices for Defeating the term “Best Practices”

by adam on February 12, 2010

I don’t like the term “Best Practices.” Andrew and I railed against it in the book (pages 36-38). I’ve made comments like “torture is a best practice,” “New best practice: think” and Alex has asked “Are Security “Best Practices” Unethical?” (…)
