Last week, I spoke at the Open Group meeting here in Seattle, and then recorded a podcast with Dana Gardner, Jim Hietala and Vicente Aceituno about “ISM3 Brings Greater Standardization to Security Measurement Across Enterprise IT” (audio), or you can read the transcript. It was fun, and the podcast is short and to the point. [...]
Filed under: Conferences by adam on Monday, February 8, 2010
As best as I can describe the characteristics of the threat agents that would fit the label of APT, that threat community is very, very real. It’s been around forever (someone mentioned first use of the term being 1993 or something) – we dealt with threat agents you would describe as “APT” at MicroSolved when [...]
Filed under: Data Analysis, metrics by alex on Saturday, February 6, 2010 | Social tagging: APT
From Less Wrong: http://lesswrong.com/lw/1qk/applying_utility_functions_to_humans_considered/ I’m at The Open Group Security Forum this week in Seattle, speaking about risk and stuff. Adam gave a great talk about Security: From Art to Science. One recurring theme all week was the need to borrow from disciplines outside of Comp Sci and Engineering. When we think about the [...]
Filed under: Uncategorized by alex on Thursday, February 4, 2010
In a private conversation, someone said “has anyone in company’s IT staff been fired for letting people use that software?” I did some searching for “firing offenses” and I found a bunch of interesting random things. I’d like to quote one, “How can I fire a non-performer in today’s environment:” You may have some [...]
Filed under: Uncategorized by adam on Thursday, February 4, 2010
Metrics seem to be yet another way in which Angry Bear noticed that the V-22 Osprey program has hidden from its failure to deliver on its promises: Generally, mission capability runs 20% higher than availability, but availability is hidden on new stuff, while shouted about on older stuff, because there would be severe embarrassment if you [...]
Filed under: metrics, Uncategorized by Chandler on Wednesday, February 3, 2010
Ian Grigg seems to have kicked off a micro-trend with “The most magical question of all — why are so many bright people fooling themselves about the science in information security?.” Gunnar Peterson followed up with “Most Important Security Question: Cui Bono?” Both of these are really good questions, but I’m going to take issue [...]
Filed under: argument by adam on Monday, February 1, 2010
There is no better illustration of the institutional and social taboos surrounding data breach reporting and information security in general than the Google-Adobe-China affair. While the Big Thinkers at the World Economic Forum discussed every other idea under the sun, this one was taboo.
Filed under: Amusements, breaches, government by Russell on Monday, February 1, 2010