Archive for the “argument” category

Are Lulz our best practice?

by adam on June 10, 2011

Over at, Patrick Grey has an entertaining and thought-provoking article, “Why we secretly love LulzSec:” LulzSec is running around pummelling some of the world’s most powerful organisations into the ground… for laughs! For lulz! For shits and giggles! Surely (…)

Read the rest of this entry »

Representative Bono-Mack on the Sony Hack

by adam on May 11, 2011

There’s a very interesting discussion on C-SPAN about the consumer’s right to know about breaches and how the individual is best positioned to decide how to react. “Representative Bono Mack Gives Details on Proposed Data Theft Bill.” I’m glad to (…)

Read the rest of this entry »

A critique of Ponemon Institute methodology for “churn”

by adam on January 25, 2011

Both Dissent and George Hulme took issue with my post Thursday, and pointed to the Ponemon U.S. Cost of a Data Breach Study, which says: Average abnormal churn rates across all incidents in the study were slightly higher than last (…)

Read the rest of this entry »

Requests for a proof of non-existence

by adam on January 24, 2011

So before I respond to some of the questions that my “A day of reckoning” post raises, let me say a few things. First, proving that a breach has no impact on brand is impossible, in the same way that (…)

Read the rest of this entry »

A Day of Reckoning is Coming

by adam on January 20, 2011

Over at The CMO Site, Terry Sweeney explains that “Hacker Attacks Won’t Hurt Your Company Brand.” Take a couple of minutes to watch this. Let me call your attention to this as a turning point for a trend. Those of (…)

Read the rest of this entry »

Referencing Insiders is a Best Practice

by adam on January 7, 2011

You might argue that insiders are dangerous. They’re dangerous because they’re authorized to do things, and so monitoring throws up a great many false positives, and raises privacy concerns. (As if anyone cared about those.) And everyone in information security (…)

Read the rest of this entry »

Nate Silver in the NYT: A Bayesian Look at Assange

by alex on December 15, 2010

From The Fine Article: Under these circumstances, then, it becomes more likely that the charges are indeed weak (or false) ones made to seem as though they are strong. Conversely, if there were no political motivation, then the merits of (…)

Read the rest of this entry »

Be celebratory, be very celebratory

by Chandler on November 5, 2010

A reminder for those of you who haven’t read or watched “V for Vendetta” one time too many, it’s Guy Fawkes Day today: The plan was to blow up the House of Lords during the State Opening of Parliament on (…)

Read the rest of this entry »

Michael Healey: Pay Attention (Piling On)

by alex on September 12, 2010

Richard Bejtlich has a post responding to an InformationWeek article written by Michael Healey, ostensibly about end user security.  Richard  upbraids Michael for writing the following: Too many IT teams think of security as their trump card to stop any (…)

Read the rest of this entry »

Alex on Science and Risk Management

by adam on June 17, 2010

Alex Hutton has an excellent post on his work blog: Jim Tiller of British Telecom has published a blog post called “Risk Appetite, Counting Security Calories Won’t Help”. I’d like to discuss Jim’s blog post because I think it shows (…)

Read the rest of this entry »