Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: InfoSec Economics

Response to Gary Hinson

– First, you should know that I very much agree with and respect Gary Hinson’s approach to infosec. I have frequently quoted his definitive paper “Seven myths about information security metrics,” which first appeared in the July 2006 issue of The ISSA Journal, and which you can on the website…

Cloud Computing Security at Newsweek

– Daniel Lyons will publish an op-ed on the insecurity of cloud computing in Newsweek‘s February 1st, 2010 issue. The  main thrust of the article can be summarized as such: But there is one big, glaring problem with cloud computing, and it just got laid bare in Google’s recent problems…

Classy Data (pt. 3) – Ownership and Risk

– Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to…

DHS Security Control May Improve Airport Economy

– It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when boarding, each flight airport hop benefits because passengers need to re-purchase drinks when they land and exit the aircraft.…

Cyberspace Policy Review … Motivating the Private Sector

– You probably know the expression: “Those who ignore history are bound to repeat it.” This is apparently a misquotation of philosopher George Santayana’s opinion that “Those who cannot remember the past are condemned to repeat it.” Santayana published this around 1905-1906. However, the…