Science of Risk Management

This is a really interesting podcast interview with Sidney Dekker, who’s one of the most important thinkers in safety. The Jay Allen Show on Safety. (Fast forward through the first 3 minutes, the content is quite interesting.) Particularly interesting is his discussion of some ‘best practices’ which come out of a poorly supported chain of…

Read More Podcast with Sidney Dekker

As security professionals, have we ever sat down and truly made an effort to empirically determine what controls are actually effective in our environment and what controls do very little to protect our environment or, worse yet, actually work to undermine our security. That’s from The Need for Evidence Based Security, by Chris Frenz, is…

Read More Evidence Based Security

What’s more primordial than fire? It’s easy to think that fire is a static threat, and defenses against it can be static. So it was surprising to see that changes in home design and contents are leading to fires spread much faster, and that the Canadian Commission on Building and Fire Codes is considering mandates for home sprinklers.

The CBC’s “Rise in fast-burning house fires heats up calls for sprinklers in homes” has a good discussion of the changing threat, the costs of mitigation, and the tradeoffs entailed.

While everyone else is talking about APT, I want to talk about risk thinking versus outcome thinking. I have a lot of colleagues who I respect who like to think about risk in some fascinating ways. For example, there’s the Risk Hose and SIRA folks. I’m inspired by To Encourage Biking, Cities Lose the Helmets:…

Read More Bicycling & Risk

Adam just posted a question about CEO “willingness to pay” (WTP) to avoid bad publicity regarding a breach event.  As it happens, we just submitted a paper to Workshop on the Economics of Information Security (WEIS) that proposes a breach impact estimation method that might apply to Adam’s question.  We use the WTP approach in a…

Read More New paper: "How Bad Is It? — A Branching Activity Model for Breach Impact Estimation"

The past 10 years have been the best in the country’s aviation history with 153 fatalities. That’s two deaths for every 100 million passengers on commercial flights, according to an Associated Press analysis of government accident data. The improvement is remarkable. Just a decade earlier, at the time the safest, passengers were 10 times as…

Read More Aviation Safety