My colleague Ross Smith has just presented an important new paper, “The Future of Work is Play” at the IEEE International Games Innovation Conference. There are a couple of very useful lessons in this paper. One is the title, and the mega-trends driving games into the workplace. Another is Ross’s lessons of when games work: Over [...]
Filed under: Doing it Differently, Reports and Data by adam on Thursday, December 1, 2011
First, good on AT&T for telling people that there’s been an attempt to hack their account. (My copy of the letter that was sent is after the break.) I’m curious what we can learn by discussing the attack. An AT&T spokesperson told Fox News that “Fewer than 1 percent of customers were targeted.” I’m currently [...]
Filed under: disclosure, Doing it Differently, measurement by adam on Tuesday, November 22, 2011
I talk a lot about the importance of data in enabling us to bring the scientific method to bear on information security. There’s a reason for that: more data will let us know the falsehoods, and knowing the falsehoods will set us free. But discovering what claims don’t stand up to scrutiny is a matter [...]
Filed under: diversity, Doing it Differently by adam on Monday, October 24, 2011
On Friday, I watched Eric Ries talk about his new Lean Startup book, and wanted to talk about how it might relate to security. Ries conceives of startups as businesses operating under conditions of high uncertainty, which includes things you might not think of as startups. In fact, he thinks that startups are everywhere, even [...]
Filed under: argument, Doing it Differently, measurement, metrics by adam on Tuesday, September 20, 2011
Following the Diginotar breach, FOX-IT has released analysis and a nifty video showing OCSP requests. As a result, lots of people are quoting a number of “300,000”. Cem Paya has a good analysis of what the OCSP numbers mean, what biases might be introduced at “DigiNotar: surveying the damage with OCSP.” To their credit, FoxIt [...]
Filed under: Data Analysis, disclosure, Doing it Differently, measurement, Reports and Data by adam on Tuesday, September 13, 2011
There’s an interesting article over at CIO Insight: The disclosure of an email-only data theft may have changed the rules of the game forever. A number of substantial companies may have inadvertently taken legislating out of the hands of the federal and state governments. New industry pressure will be applied going forward for the loss [...]
Filed under: breaches, Doing it Differently by adam on Wednesday, September 7, 2011
The fine folks at Securosis are starting a blog series on “Fact-based Network Security: Metrics and the Pursuit of Prioritization”, starting in a couple of weeks. Sounds pretty New School to me! I suggest that you all check it out and participate in the dialog. Should be interesting and thought provoking. [Edit -- fixed my [...]
Filed under: Data Analysis, Doing it Differently, metrics by Russell on Wednesday, August 10, 2011
Over at the Office of Inadequate Security, Pogo was writing about the Lulzsec hacking of Arizona State Police. Her article is “A breach that crosses the line?” I’ve been blogging for years about the dangers of breaches. I am concerned about dissidents who might be jailed or killed for their political views, abortion doctors whose [...]
Filed under: breaches, disclosure, Doing it Differently by adam on Tuesday, June 28, 2011
On Friday, I ranted a bit about “Are Lulz our best practice?” The biggest pushback I heard was that management doesn’t listen, or doesn’t make decisions in the best interests of the company. I think there’s a lot going on there, and want to unpack it. First, a quick model of getting executives to do [...]
Filed under: careers, Doing it Differently by adam on Wednesday, June 15, 2011
Over at Risky.biz, Patrick Grey has an entertaining and thought-provoking article, “Why we secretly love LulzSec:” LulzSec is running around pummelling some of the world’s most powerful organisations into the ground… for laughs! For lulz! For shits and giggles! Surely that tells you what you need to know about computer security: there isn’t any. And [...]
Filed under: Amusements, argument, best practice, Doing it Differently by adam on Friday, June 10, 2011