Don’t Share, Publish

by adam on August 29, 2012

I’d like to offer up a thought with regards to the latest swirl of discussion around ‘information sharing’ in security: Don’t share, publish. I want to talk about this because more and more folks are starting to question the value (…)

Read the rest of this entry »

The Plural of Anecdote is Anecdotes

by adam on August 23, 2012

Over at, there’s a story which starts: Medical-data blackmail is becoming more common as more health care providers adopt electronic health records systems and store patient data digitally. (“Hackers demand ransom to keep medical records private“) The trouble with (…)

Read the rest of this entry »

Your career is over after a breach? Another Myth, Busted!

by adam on August 6, 2012

I’m a big fan of learning from our experiences around breaches. Claims like “your stock will fall”, or “your customers will flee” are shown to be false by statistical analysis, and I expect we’d see the same if we looked (…)

Read the rest of this entry »