Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

How Red Meat can make Cybersecurity Healthier

Recently, the L.A. Times and other outlets wrote about a study by Dr. Walter Willett of Harvard et al. on the impact of red meat on mortality. The authors found that as little as one extra serving of red meat a day was associated with a 13% (unprocessed) or 20% (processed) increase in the risk of death. More specifically, they found that

“After multivariate adjustment for major lifestyle and dietary risk factors, the pooled hazard ratio (HR) (95% CI) of total mortality for a 1-serving-per-day increase was 1.13 (1.07-1.20) for unprocessed red meat and 1.20 (1.15-1.24) for processed red meat.”

As with many studies about diet, lifestyle, and death, this one has sparked discussion. The Numbers Guy from the Wall Street Journal,… Continue reading: How Red Meat can make Cybersecurity Healthier

RSA Conference 2012 – The Sessions I Don’t Want to Miss

The sessions I don’t want to miss (but probably will). These sessions all strike my fancy in some way, and I would love to make it to them. Some compete for the same time slots and others take place after I am gone, but I wish I could attend. There are at least two that I am sure I will attend:

Session Code: P2P-108C
Session Title: Where will InfoSec be in 2020?
Facilitator: Pete Lindstrom, Research Director, Spire Security
Scheduled Date(s)/Time(s): Tuesday, February 28 03:50 p.m.
Room 112
Session Length: 50 minutes
Session Abstract: Take off your flak jacket and put on your thinking cap. It’s not often we get to be… Continue reading: RSA Conference 2012 – The Sessions I Don’t Want to Miss

Vulnerability Research in the age of Embedded Systems (SCADA)

I have a post over at the Verizon Business blog (Considering Vulnerability Disclosure in the Realm of SCADA Systems) about how vulnerability discovery and disclosure impacts risk. Although it provides a basic risk model that can be applied to any situation, it focuses on the recent SCADA disclosures by Digital Bond and Rapid7. These are some of the smartest people in our field and yet they insist (by implication) on increasing risk to make a point. I sincerely hope they reconsider their actions in the future, before any serious damage is done.

Continue reading: Vulnerability Research in the age of Embedded Systems (SCADA)

Evaluating the Oracle Security Manifesto

The cool thing about Mary Ann Davidson is that she doesn’t mince her words; you know where she stands on every issue, and she is willing to own it in the security world. So when I started hearing some buzz about her latest blog post – Those Who Can’t Do, Audit – I expected some sizzle. And got it.

It turns out the target this time is “SASO,” a company that must be making headway in driving legislation towards third-party code reviews.

“I’ve opined in previous blogs on the importance of defining what problem you want to solve, specifying what “it” is that you want to legislate, understanding costs – especially those pertaining to unintended consequences – and so on.”

… Continue reading: Evaluating the Oracle Security Manifesto

Liability and Secure Software

iang over at Financial Cryptography has a thought-provoking discussion of liability (ht @alexhutton) and its corresponding risks. I think I added a comment (but can’t be sure) that said this:

Culture and consciousness is all a distraction and very malleable. What really matters at the end of the day is the relative number of vulns in the software.

Also, worth noting that “secure software” is a derivative goal of less risk – that is, fewer incidents. We often opt for the former in the face of the latter, which is counterproductive.

Liability is a horrible idea. Here are some reasons why:

  1. It’s unenforceable.
  2. It will destroy innovation.
  3. It will destroy open-source.
  4. It will create an Xbox Internet.
  5. It will double prices.
  6. It will force lock-in.
  7. And, finally —… Continue reading: Liability and Secure Software