What more do you want on a Friday? Ok, here’s details.Read More Rubber Duck on The Thames
In the holiday spirit I wanted to share an academic-style paper on the Elevation of Privilege Threat Modeling card game (EoP_Whitepaper.pdf) The paper describes the motivation, experience and lessons learned in creating the game. As we’ve shared the game at conferences, we’ve seen people’s eyes light up at the idea of a game. We think…Read More Elevation of Privilege: Drawing Developers into Threat Modeling
Earlier this month, I spoke with Derek Slater: In early 2008, Adam Shostack and Andrew Stewart released the book The New School of Information Security. And they launched a blog in support of the book and its message. I wondered about how Shostack perceives the state of IT risk management now, and whether he thinks…Read More Information Security Risk: A Conversation with CSO
Gävlebocken har brunnit: Webbkamerabilder visade hur bocken snabbt blev övertänd och totalförstördes innan brandkåren hann fram. Or you can check the webcam: http://www.merjuligavle.se/Bocken/Bockenkamera/Read More The Gavle Goat's Gone!
There’s a fascinating set of claims in Foreign Affairs “The Fog of Cyberward“: Our research shows that although warnings about cyberwarfare have become more severe, the actual magnitude and pace of attacks do not match popular perception. Only 20 of 124 active rivals — defined as the most conflict-prone pairs of states in the system…Read More The Fog of Reporting on Cyberwar
As I’ve read Kahneman’s “Thinking, Fast and Slow,” I’ve been thinking a lot about “what you see is all there is” and the difference between someone’s state of mind when they’re trying to decide on an action, and once they’ve selected and are executing a plan. I think that as you’re trying to figure out…Read More Usable Security: Timing of Information?
My friend Raquell Holmes is doing some really interesting work at using improv to unlock creativity. There’s some really interesting ties between the use of games and the use of improv to get people to approach problems in a new light, and I’m bummed that I won’t be able to make this event: Monday Dec…Read More Can Science Improvise?
Apparently Twitter sent me some credits to use in their advertising program. Now, I really don’t like Twitter’s promoted tweets — I’d prefer to be the customer rather than the product. (That is, I’d like to be able to give Twitter money for an ad-free experience.) At the same time, I’m curious to see how…Read More Should I advertise on Twitter?
There was a story recently on NPR about kitchen waste, “No Simple Recipe For Weighing Food Waste At Mario Batali’s Lupa.” Now, normally, you’d think that a story on kitchen waste has nothing to do with information security, and you’d be right. But as I half listened to the story, I realized that it in…Read More Infosec Lessons from Mario Batali's Kitchen