Commentary on Probabilistic Risk Assessments

I was doing some reading on the distribute.it hack and stumbled onto a reference to a Risky Business podcast on probabilistic risk assessments. It’s a great argument as to why risk assessment does not work well in the information security space. The basic thesis is you can’t assign a probability to a serious attacker. …

Security’s “Hierarchy of Need”

I’ve been thinking about a concept lately that came up in a discussion around security’s “Hierarchy of Needs”. Most people would be familiar with the basic concept from Maslow’s Hierarchy of Needs – the idea being that all humans have a set of needs, and the higher level needs can never be truly satisfied until…