I was up early this morning and off to Caesar's, where I quickly registered, grabbed a bagel and coffee, and took the lay of the land. There seem to be a lot more people this year and quite a few more vendors. I saw a few folks I know and managed to call one person by the wrong name. So, I hit the Intro and the Keynote.
Keynote Speech -- Complexity in Computer Security
Ian Angell, Professor of Information Systems, London School of Economics
This was a really great knock-in-the-jaw speech (Okay, I was speaking metaphorically!). One of the main points he made was that our instinct to use statistics and risk analysis to simplify complex systems is doomed to fail by its nature, especially when that system has human pressures applied to it. When people ask me about info security risk, I often make a similar point by drawing a standard bell curve with lines for two standard deviations from the mean. For some instinctive reason, people seem to be very comfortable trying to map to this distribution world view of risk. Then I draw an arrow pointing to around 2% with a snarky caption like, "Owned". The problem is that things just don't follow simple models when dealing with emergent systems, because the rules of evaluation can change at any time. There really are no rules that can fully work. I'm going to have to think about it some more ... seriously.
More on Day 1 talks as I get them written up.
Wednesday, August 6, 2008