That’s Some Serious Precision, or Watch Out, She’s Gonna Go All Decimal!

by alex on January 30, 2010

So last night the family and I sat down and watched a little TV together for the first time in ages.  We happened to settle on the X-Games on ESPN, purely because they were showing a sport that I can (…)

Read the rest of this entry »

Quote For Today

by alex on January 28, 2010

Their judgment was based on wishful thinking rather than on sound calculation of probabilities; for the usual thing among men, is when they want something, they will, without any reflection, leave that to hope; which they will employ the full (…)

Read the rest of this entry »

Help EFF Measure Browser Uniqueness

by adam on January 27, 2010

The EFF is doing some measurement of browser uniqueness and privacy. It takes ten seconds. Before you go, why not estimate what fraction of users have the same transmitted/discoverable browser settings as you, and then check your accuracy at (…)

Read the rest of this entry »

Online Preso – Risk Management & Incident Information

by alex on January 26, 2010

Tried to embed, didn’t work. Here’s the link:

Shameless Self-Promotion

by alex on January 25, 2010

Hi, If you like risk, risk management, and metrics, I’ll be giving an online presentation you might want to see tomorrow at 2 EST: Gleaning Risk Management Data From Incidents

Sunday Funnies: PhDComics on Statistics In The Media

by alex on January 24, 2010

The Face of FUD

by Russell on January 20, 2010

A vivid image of Fear, Uncertainty, and Doubt (FUD), from an email promotion by NetWitness.

Why I Don’t Like CRISC, Day Two

by alex on January 20, 2010

Yesterday, I offered up a little challenge to suggest that we aren’t ready for a certification around understanding information risk.  Today I want to mention why I think this CRISCy stuff is dangerous. What if how we’re approaching the subject (…)

Read the rest of this entry »

Why I Don’t Like CRISC

by alex on January 19, 2010

Recently, ISACA announced the CRISC certification.  There are many reasons I don’t like this, but to avoid ranting and in the interest of getting to the point, I’ll start with the main reason I’m uneasy about the CRISC certification: We’re (…)

Read the rest of this entry »

Doing threat intelligence right

by Russell on January 18, 2010

To improve threat intelligence, it’s most important to address the flaws in how we interpret and use the intelligence that we already gather. Intelligence analysts are human beings, and many of their failures follow from intuitive ways of thinking that, while allowing the human mind to cut through reams of confusing information, often end up misleading us.