jump to navigation

Risk 101 and my new $500 Million Fortune- Goodbye Work! March 29, 2012

Posted by Chris Mark in Risk & Risk Management.
Tags: , , , , , ,
add a comment

I have written a number of posts on risk and probability in the past.  You can read them here.  As I was on the phone with a good friend last night talking about buying our Mega Millions lottery tickets for the very first time, I was struck by how amusing the whole situation was. My wife and I were talking with our friends about a strategy to buy lottery tickets.   I was talking about buying lottery tickets for the very first time!  First, they don’t sell MegaMillions in Utah, and I have never played the lottery.  Why? I recognize that the chances of winning are infinitesimally small. (~1 in 176 million)  So what changed last night?

The MegaMillions lottery approached $500 million for the jackpot!  Can you believe it?  I am going to be $500 million richer in the next few days!  I just feel it.  I have the winning numbers! Odds be damned! Goodbye GlobalRiskInfo.com and hello life of luxury on my new super yacht Risky Business! (I even have it picked out and named) (more…)

“We Can’t Live in Castles” – FBI Official Concedes; CyberSecurity Policy is a Failure March 28, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Leglslation.
Tags: , , , , , ,
add a comment

In my Google alerts  today was an article from Foxnews titled: “Retiring FBI Official Says Current US CyberSecurity Strategy ‘Unsustainable'”  Shawn Henry, the FBI’s Assistant Director for CyberSecurity refers to the increasing cyber attacks on government and corporate targets and says: “We are not winning”.  All I can say at this point is…WOW..again we are beating a dead horse!  In 2010, I said the same thing at an InfraGard event in Salt Lake City, and RSA has said the same thing.  We sound like broken records at this point.  This post will likely be a bit more pointed and blunt than most but my frustration is mounting on the subject. For a shameless plug on my own research brief, please read: “A Failed State of Security” now published by IDGA.

CyberAttacks against corporates, committed by individuals are crimes.  Crimes are human acts undertaking by living, breathing, thinking human beings.  CyberSecurity, at its core, is about more than building castles to keep the princess protected.  It is also about changing human behavior to deter the criminal behavior.

“deterrence is ultimately about decisively influencing decision making.  Achieving such decisive influence requires altering or reinforcing decision makers’ perceptions of key factors they must weigh in deciding whether to act counter to (our interests) or to exercise restraint.”[1] (more…)

Risk 102: “Security Ain’t Safefy”; Putting Risk In Context March 26, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.
Tags: , , , , , , ,
add a comment

In reading through the volumes of blogs, and Linkedin comments on security and risk management a common theme appeared.  When talking about risk management at it applies to security there appears to be a temptation to use the same models and methodologies as those used in safety risk management.  Make no mistake, safety risk management is critical and both aspects may overlap from time to time.  Whether analyzing auto accident risks, designing industrial equipment or other aspect, it is important to understand and analyze the risk of the activity. The difference lies in the catalyst for the events in question.  (more…)

Risk 102- Lose “A” Match but Win “THE” Game March 23, 2012

Posted by Chris Mark in Risk & Risk Management, weapons and tactics.
Tags: , , , , , , , ,
add a comment

Risk management is about decisions.  Given certain information, people then make decisions that they hope will minimize the risk of a particular outcome.  This post is about risk and decisions.

Years ago I was a young Marine attending the USMC’s Amphibious Reconnaissance School (ARS).  Upon successfully passing the school I would be conferred with the coveted Military Occupational Specialty (MOS) of 0321- Reconnaissance Marine.  Recon Marines operate in very small teams conducting various reconnaissance missions to provide intelligence to the commander. The last phase of ARS training is known as “patrolling phase”.  This is where all the students put their skills to use and run back to back patrols for a week while begin graded by the instructors.

During one of the final patrols we came upon a road known in military speak as a “linear danger area” and were considering a “two man bump” and other techniques to safely cross the danger area.  After having not slept for the better part of a week my mind was a bit foggy.  I asked the instructor: “SSGT, if we apply these techniques can we be confident that we will cross safely?”  He looked at me and said: “Mark, you can do everything by the book and exactly right and still get your entire team killed.  All you can do is make tactically sound decisions and hope for some luck.”  Certainly without meaning to do so, this Marine Staff Sergeant articulated the idea of risk and risk management as well as any academic. (more…)

22 Arrested in Iranian Backed Plot Against US and Israeli Embassies March 14, 2012

Posted by Chris Mark in Industry News, Risk & Risk Management, terrorism.
Tags: , , , , , ,
add a comment

According to FoxNews and Agence France Presse, 22 people have been arrested inside Azerbaijan suspected of planning attacks against the US and Israeli embassies inside Baku.  According to the reports, the attacks were planned for the benefit of Iran.

“Twenty-two citizens of Azerbaijan have been arrested by the national security ministry for cooperating with the Iranian Sepah,” the ministry said, referring to the Iranian Revolutionary Guards, according to AFP. “On orders of the Sepah, they were to commit terrorist acts against the US, Israeli and other Western states’ embassies and the embassies’ employees.” (more…)