Hey everyone.  I have a travel day, so I thought I’d use today to point some items out to y’all (sorry, too much Paula Dean).

PITY ADAM SHOSTACK

Why?  Because apparently, Adam has one of the worst jobs in the world.   You know what?  I’m betting he doesn’t.  I’ll bet his job kicks butt.  Microsoft’s PR department, however…

RISK MANAGEMENT IS MY PASSION

So is baseball.  Why not combine the two?  Remember how our risk concept is best described as probability and impact of failure in a complex system?  Few things are more complex than the modern athlete.  So why not use inference to determine probability of failure?

FRANKIE SAY
WAR
HIDE YOURSELF!

MCWResearch is “on” in his last two posts on IT Security Warfare.   Problem is that we’re not really allowed all the benefits of counter-attack.  That approach to warfare doesn’t exactly work too well.

The other problem is that I’m going to have “Two Tribes” (YouTube video w/sound - careful) in my head all day now.

STATISTICS, INFERENCE AND PROJECT MANAGEMENT

Many of you CISOs who read us out there (we know who you are!) have your own PMs.  They’ve got the same  issues, apparently.

CHANDLER DOESN’T WANT TO LOSE HIS HAND

Risk tolerance, risk appetite, loss avoidance.  It’s tough to have the discipline to be specific - but the terms matter, as do the perspectives.  Good stuff from Chandler.

PITY DHS IT EMPLOYEES

Hastily developed and now suffering the result of that growth - now they’re being asked to answer to congress in metrics this industry just doesn’t have.

Posted on June 27