Archive for the “argument” category
Representative Bono-Mack on the Sony Hack
by adam on May 11, 2011
There’s a very interesting discussion on C-SPAN about the consumer’s right to know about breaches and how the individual is best positioned to decide how to react. “Representative Bono Mack Gives Details on Proposed Data Theft Bill.” I’m glad to (…)
A critique of Ponemon Institute methodology for “churn”
by adam on January 25, 2011
Both Dissent and George Hulme took issue with my post Thursday, and pointed to the Ponemon U.S. Cost of a Data Breach Study, which says: Average abnormal churn rates across all incidents in the study were slightly higher than last (…)
Requests for a proof of non-existence
by adam on January 24, 2011
So before I respond to some of the questions that my “A day of reckoning” post raises, let me say a few things. First, proving that a breach has no impact on brand is impossible, in the same way that (…)
A Day of Reckoning is Coming
by adam on January 20, 2011
Over at The CMO Site, Terry Sweeney explains that “Hacker Attacks Won’t Hurt Your Company Brand.” Take a couple of minutes to watch this. Let me call your attention to this as a turning point for a trend. Those of (…)
Referencing Insiders is a Best Practice
by adam on January 7, 2011
You might argue that insiders are dangerous. They’re dangerous because they’re authorized to do things, and so monitoring throws up a great many false positives, and raises privacy concerns. (As if anyone cared about those.) And everyone in information security (…)
Nate Silver in the NYT: A Bayesian Look at Assange
by alex on December 15, 2010
From The Fine Article: Under these circumstances, then, it becomes more likely that the charges are indeed weak (or false) ones made to seem as though they are strong. Conversely, if there were no political motivation, then the merits of (…)
Be celebratory, be very celebratory
by Chandler on November 5, 2010
A reminder for those of you who haven’t read or watched “V for Vendetta” one time too many, it’s Guy Fawkes Day today: The plan was to blow up the House of Lords during the State Opening of Parliament on (…)
Michael Healey: Pay Attention (Piling On)
by alex on September 12, 2010
Richard Bejtlich has a post responding to an InformationWeek article written by Michael Healey, ostensibly about end user security. Richard upbraids Michael for writing the following: Too many IT teams think of security as their trump card to stop any (…)
Alex on Science and Risk Management
by adam on June 17, 2010
Alex Hutton has an excellent post on his work blog: Jim Tiller of British Telecom has published a blog post called “Risk Appetite, Counting Security Calories Won’t Help”. I’d like to discuss Jim’s blog post because I think it shows (…)
Counterpoint: There is demand for security innovation
by adam on March 23, 2010
Over in the Securosis blog, Rich Mogull wrote a post “There is No Market for Security Innovation.” Rich is right that there’s currently no market, but that doesn’t mean there’s no demand. I think there are a couple of inhibitors (…)