» How To Sell Security -
July 25, 2008
Bruce Schneier recently posted an article on CIO.com entitled “How to Sell Security.” In it, Bruce uses Prospect Theory to assert that the most effective way to sell security is through fear, or more ethically, indirectly bundled as part of more generic offerings. Bruce as always makes solid points, but I think overlooks a key [...]
» Quant Fever - July 25, 2008Furthering the discussion of applying quantitative thinking to information security, I thought I would share some influential resources (with no particular order or organization). How To Measure Anything provides a very interesting glimpse of what applied information risk quantification could look like. In particular, the sections on confidence intervals, calibration, and Monte Carlo analysis are [...]