[Pete Lindstrom is VP of Research at Spire Security, LLC and host of the AMP Firehose 1-day Workshop (vendor bakeoff) coming up in Chicago on 10/29. Register at www.regonline.com/AMPFirehoseCHI.] I believe the folks at Gartner put a lot of research…
Random
The 7-day Itch: Ups and Downs of Google’s New Disclosure Policy
by Pete Lindstrom • • Comments Off
Recently, members of the security team at Google made an important announcement about “real-world exploitation of publicly unknown vulnerabilities.” While it was done on the Google Online Security blog, all indications are that this is an official Google policy statement.…
Cognitive Dissonance or Spite?
by Pete Lindstrom • • Comments Off
I happened to see a tweet the other day that said: “If you want a bug fixed quickly, sell it on the Russian black market. It’ll be so heavily abused that the vendor will patch out of cycle.” Now, it…
How Much did Amazon Lose in Yesterday’s Outage?
by Pete Lindstrom • • Comments Off
One of the crucial aspects of risk management for infosec pros to learn is how to estimate consequences. It can be helpful to review incidents and create a model for thinking about losses. Amazon’s outage for an hour yesterday, is…
How the Cost of Interventions provides Insight into Security Decisionmaking
by Pete Lindstrom • • Comments Off
In 1994, Tengs, et.al. published the research paper “Five-Hundred Life-Saving Interventions and Their Cost-Effectiveness.” (pdf) The research reviewed 587 different interventions and calculated the “cost per life-year saved” as a normalized metric across over 200 different studies on economic costs. So,…
Ruminations on Info Asset Value, Impact, and Control Horizons
by Pete Lindstrom • • Comments Off
One of the most challenging characteristics in our space is that *direct* information asset value – what the business is interested in – has an ambiguous relationship to consequences/impact – what security professionals are trying to minimize. I am a…
How Red Meat can make Cybersecurity Healthier
by Pete Lindstrom • • Comments Off
Recently, the L.A. Times and other places wrote about a study done by Dr. Walter Willett of Harvard, et.al. regarding the impact of red meat on one’s mortality. He found that eating as little as one extra serving of red…
RSA Conference 2012 – The Sessions I Don’t Want to Miss
by Pete Lindstrom • • Comments Off
The sessions I don’t want to miss (but probably will). These sessions all strike my fancy in some way, and I would love to make it to them. Some are time competing and others take place after I am gone,…