Welcome to Collaborative Strategy Guild Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
|
Recently, the L.A. Times and other places wrote about a study done by Dr. Walter Willett of Harvard, et.al. regarding the impact of red meat on one’s mortality. He found that eating as little as one extra serving of red meat a week contributed to a 13% or 20% increased risk of death. More specifically, they found that
“After multivariate adjustment for major lifestyle and dietary risk factors, the pooled hazard ratio (HR) (95% CI) of total mortality for a 1-serving-per-day increase was 1.13 (1.07-1.20) for unprocessed red meat and 1.20 (1.15-1.24) for processed red meat.”
As with many studies about diet, lifestyle, and death, this one has sparked discussion. The Numbers Guy from the Wall Street Journal,… Continue reading: How Red Meat can make Cybersecurity Healthier
I have a post over at the Verizon Business blog (Considering Vulnerability Disclosure in the Realm of SCADA Systems) about how vulnerability discovery and disclosure impacts risk. Although it provides a basic risk model that can be applied to any situation, it focuses on the recent SCADA disclosures by Digital Bond and Rapid7. These are some of the smartest people in our field and yet they insist (by implication) on increasing risk to make a point. I sincerely hope they reconsider their actions in the future, before any serious damage is done.
Continue reading: Vulnerability Research in the age of Embedded Systems (SCADA)
iang over at Financial Cryptography has a thought-provoking discussion of liability (ht @alexhutton) and its corresponding risks. I think I added a comment (but can’t be sure) that said this:
Culture and consciousness is all a distraction and very malleable. What really matters at the end of the day is the relative number of vulns in the software.
Also, worth noting that “secure software” is a derivative goal of less risk – that is, fewer incidents. We often opt for the former in the face of the latter, which is counterproductive.
Liability is a horrible idea. Here are some reasons why:
- It’s unenforceable.
- It will destroy innovation.
- It will destroy open-source.
- It will create an Xbox Internet.
- It will double prices.
- It will force lock-in.
- And, finally —… Continue reading: Liability and Secure Software
“Last month, our IT and information assets generated $20 million in revenue in support of 15,000 people using 350 applications. To accomplish this feat, over 32 million connections were attempted across our systems and we applied specific control measures an average of 2.4 times per connection to ensure the completeness and accuracy of our transactions. As a result, over 4 million connections were blocked instantly for not meeting our basic requirements (with 99.75 percent success rate) and we identified 1,700 suspect connections that required further analysis. We ultimately determined that five of those 1,700 were attempted intrusions which we subsequently acted upon according to established procedures. There were no losses associated with the incidents.”
“Last month’s activity has brought to light… Continue reading: My Dream Metrics Status Report
The recent RSA hack has once again (after Google and Aurora made a big splash a little over a year ago) brought to the surface this notion of an “advanced persistent threat.” There is great emotion on all sides of the debate about what it is and whether it matters. As I listened to Uri Rivner of RSA describe the nature of the attack on Friday, for some reason I couldn’t stop thinking about The Cuckoo’s Egg, which was a fascinating account by Clifford Stoll of how he tracked down an industrial espionage ring. Back in the early-mid 80′s. Over 25 years ago.
Of course, the attackers didn’t use spear-phishing then, but the idea of the “APT” as an adversary was… Continue reading: Thinking about APTs and the RSA Hack
|
|
