Podcast on ISM3

by adam on February 8, 2010

Last week, I spoke at the Open Group meeting here in Seattle, and then recorded a podcast with Dana Gardner, Jim Hietala and Vicente Aceituno about ISM3 Brings Greater Standardization to Security Measurement Across Enterprise IT (audio) or you can (…)

Does It Matter If The APT Is “New”?

by alex on February 6, 2010

As best as I can describe the characteristics of the threat agents that would fit the label of APT, that threat community is very, very real.  It’s been around forever (someone mentioned first use of the term being 1993 or (…)

Applying Utility Functions To Humans?

by alex on February 4, 2010

From Less Wrong:  http://lesswrong.com/lw/1qk/applying_utility_functions_to_humans_considered/ I’m at The Open Group Security Forum this week in Seattle, speaking about risk and stuff.  Adam gave a great talk about Security: From Art to Science.  One recurring theme all week was the need to (…)

Off with their heads!

by adam on February 4, 2010

In a private conversation, someone said “has anyone in company‘s IT staff been fired for letting people do use that software?” I did some searching for “firing offenses” and I found a bunch of interesting random things. I’d like to (…)

V-22 Osprey Metrics

by Chandler on February 3, 2010

Metrics seem to be yet another way in which Angry Bear noticed that the V-22 Osprey program has hidden from its failure to deliver on its promises: Generally, mission capability runs 20% higher than availability, but availability is hidden on new (…)

The Best Question In Information Security

by adam on February 1, 2010

Ian Grigg seems to have kicked off a micro-trend with “The most magical question of all — why are so many bright people fooling themselves about the science in information security?.” Gunnar Peterson followed up with “Most Important Security Question: (…)

‘Don’t Ask, Don’t Tell in Davos’ — Act 3 in the Google-China affair

by Russell on February 1, 2010

There is no better illustration of the institutional and social taboos surrounding data breach reporting and information security in general than the Google-Adobe-China affair. While the Big Thinkers at the World Economic Forum discussed every other idea under the sun, this one was taboo.