Category Archives: Security Metrics

Security Metrics, Recency Bias and Availability Heuristics

– I “recently” came across an article by Tom Chatfield with the title “The Trouble with Big Data? It’s Called The ‘Recency Bias,’” which is available at http://www.bbc.com/future/story/20160605-the-trouble-with-big-data-its-called-the-recency-bias. The article was published on June 5,…

Are Big Data Big Enough for Information Security?

– The simple answer is … no! But how can that be? Surely if we were to assemble every scrap of available data about our systems and networks and their use, we should be able to find the veritable needles in the haystacks, given the right tools and sufficient time. This is clearly an underlying…

Driven off the Road by Security Metrics

– An article in the July 18, 2011 issue of TIME Magazine caught my eye. It was Rana Foroohar’s piece, on page 22, with the title “Driven off the Road by M.B.A.s: The rise of business schools coincided with the fall of American Industry.” The thesis presented is that the U.S. economy tanked…

Vindication for Toyota? Proving the Negative

– In my February 16, 2010 Bloginfosec column “Negative Testing Revisited – Vehicle Control Systems (Part 1),” I describe and discuss the concerns about the software controlling the brakes on Toyota regular-engine and hybrid vehicles and Ford hybrids. The supposition was that there were…

Old Mother Hubbard and “Building Data Collection In”

– Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme…