{"id":110,"date":"2011-06-25T17:05:56","date_gmt":"2011-06-25T07:05:56","guid":{"rendered":"http:\/\/blog.wingsofhermes.org\/?p=110"},"modified":"2011-07-02T09:20:58","modified_gmt":"2011-07-01T23:20:58","slug":"commentry-on-probablistic-risk-assessments","status":"publish","type":"post","link":"https:\/\/blog.wingsofhermes.org\/?p=110","title":{"rendered":"Commentry on Probablistic Risk Assessments"},"content":{"rendered":"<p>I was doing some reading on the <a href=\"http:\/\/distributeitsupport.blogspot.com\/2011\/06\/update-shared-hosting-clients-21st-june.html\">distribute.it hack<\/a> and stumbled onto a reference to a <a href=\"http:\/\/risky.biz\/\">Risky Business<\/a> podcast on <a href=\"http:\/\/risky.biz\/RB191\">probablistic risk assessments<\/a>.<\/p>\n<p>It&#8217;s a great argument as to why risk assessment does not work well in the information security space.&#160; The basic thesis is you can&#8217;t assign a probability to a serious attacker.&#160; &#160; We&#8217;ve built a whole risk model on the idea that we can assign a probability to various events &#8211; we treat risk in a malicous environment as we would in a &quot;normal&quot; environment.&#160; We have a certain risk of machine failure therefore we have a similarly measurable risk on a malicious attacker and of course these two are not equivalent at all.<\/p>\n<p>A great interview to listen to.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was doing some reading on the distribute.it hack and stumbled onto a reference to a Risky Business podcast on probablistic risk assessments. It&#8217;s a great argument as to why risk assessment does not work well in the information security space.&#160; The basic thesis is you can&#8217;t assign a probability to a serious attacker.&#160; &#160;&hellip; <span class=\"clear\"><\/span><a href=\"https:\/\/blog.wingsofhermes.org\/?p=110\" class=\"more-link read-more\" rel=\"bookmark\">Continue Reading <span class=\"screen-reader-text\">Commentry on Probablistic Risk Assessments<\/span><i class=\"fa fa-arrow-right\"><\/i><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[25,6],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pX0hd-1M","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=\/wp\/v2\/posts\/110"}],"collection":[{"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110"}],"version-history":[{"count":2,"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":114,"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions\/114"}],"wp:attachment":[{"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wingsofhermes.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}