Welcome to Collaborative Strategy Guild, where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

The Ponemon healthcare study, the Second Annual Benchmark Study on Patient Privacy and Data Security (sponsored by ID Experts), has been gaining quite a bit of attention in the press and in the blogosphere over the past few days.
Overall, it’s an interesting report (as most Ponemon reports are). And I for one am pleased that folks out there are interested enough in the intersection of HIT and security to go out and read it… even more pleased that so many people find the topic interesting and valuable enough to write about it.
But all that being… Continue reading: HIT security: conclusions in a “contradictory report”-sandwich?
“Last month, our IT and information assets generated $20 million in revenue in support of 15,000 people using 350 applications. To accomplish this feat, over 32 million connections were attempted across our systems and we applied specific control measures an average of 2.4 times per connection to ensure the completeness and accuracy of our transactions. As a result, over 4 million connections were blocked instantly for not meeting our basic requirements (with 99.75 percent success rate) and we identified 1,700 suspect connections that required further analysis. We ultimately determined that five of those 1,700 were attempted intrusions which we subsequently acted upon according to established procedures. There were no losses associated with the incidents.”
“Last month’s activity has brought to light… Continue reading: My Dream Metrics Status Report
The recent RSA hack has once again (after Google and Aurora made a big splash a little over a year ago) brought to the surface this notion of an “advanced persistent threat.” There is great emotion on all sides of the debate about what it is and whether it matters. As I listened to Uri Rivner of RSA describe the nature of the attack on Friday, for some reason I couldn’t stop thinking about The Cuckoo’s Egg, Clifford Stoll’s fascinating account of how he tracked down an industrial espionage ring. Back in the early-to-mid ’80s. Over 25 years ago.
Of course, the attackers didn’t use spear-phishing then, but the idea of the “APT” as an adversary was… Continue reading: Thinking about APTs and the RSA Hack
Mike Rothman of Securosis stirs things up a bit with his “Risk Metrics are Crap” post. This type of exercise forces participants to make public commitments. In itself, this is not a huge deal since many positions of those in our space are relatively well documented already, however, anyone familiar with Cialdini knows that commitment serves to reinforce positions and not promote compromise or learning. Not surprisingly, nobody changed sides. In fact, nobody moved an inch (or maybe that’s a “teeny-tiny bit” for those quant-averse participants).
More importantly, nobody is budging because there is nothing new here. Mike simply took semi-random potshots at risk quantification, used a lot of potty language and then sat back. Perhaps the most… Continue reading: Attention InfoSec Pros: measuring risk is in your future
(is that title the proper English spelling of two kids disagreeing? who knows…)
Andrew Gelman’s enlightening blog points to a great example of how scientific research helps us get smarter. He excerpts:
Three articles published [by Brett Pelham et al.] have shown that a disproportionate share of people choose spouses, places to live, and occupations with names similar to their own. These findings, interpreted as evidence of implicit egotism, are included in most modern social psychology textbooks and many university courses. The current article successfully replicates the original findings but shows that they are most likely caused by a combination of cohort, geographic, and ethnic confounds as well as reverse causality.
[Unfortunately, the entire original appears to be behind a paywall.]
The studies… Continue reading: Nuh, uh; Yuh, huh