Tag Archives: probability

How to be a Software Engineer without Understanding Software

– Imagine a world where the majority of people who claim to “do” software engineering do not know even basic concepts that are taught in computer science 101 classes, such as basic data structures and why they matter. A world in which most accountants didn’t know how to read a…

6 Theories of Probability and 6 Reasons Why They Matter to ISRA

– While probably everyone would agree that information security risk analysis (ISRA) is shot through with appeals to probability, very few non-academic discussions of ISRA provide any sort of rigorous analysis of what “probability” means. (See Alberts and Dorofee 2003 for a notable…

Decision Theory is the Foundation for Information Security Risk Management

– Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information security professionals about information security risk analysis (ISRA), the more I’m struck by the following…

The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 1)

– Many discussions of security risk analysis methodologies mention a distinction between quantitative and qualitative risk analysis, but virtually none of those discussions clarify the distinction in a rigorous way. The purpose of this 3-part series is to clarify that distinction and then show why…