Shostack + Friends Blog Archive


Quick Links

John Robb has an article at Global Guerrillas about the cost of terrorist attacks and their impact on the economic equilibria at work in cities, based on a report by the NY Fed.

A terrorism tax is an accumulation of excess costs inflicted on a city’s stakeholders by acts of terrorism.  These include direct costs inflicted on the city by terrorists (systems sabotage) and indirect costs due to the security/insurance/policy/etc. changes needed to protect against attacks.  A terrorism tax above a certain level will force the city to transition to a lower market equilibrium (aka shrink).  So, what is that level? 

Next, Ian Grigg discusses an article on corporate espionage:

… against American companies, generally by their competitors. It’s good because it is real. The threats are validated by court filings, research and surveys. This is what real security is about, determining what threats are out there, validating them and constructing economic models of their costliness. Only then can security people proceed to design economic security systems to address the threats.

I’m generally skeptical of claims of industrial espionage, but the Baseline article has six examples. Its not clear to me that’s enough to build a business case.

Finally, John Gruber has a long article at Daring Fireball on what to do before you patch your Mac, with some discussion of the superstitious, and potentially harmful advice that’s out there. Short answer: wait a day or three (gosh, where have I read that?), and backup first.