Artificially Intelligent Unstructured thoughts on cyber security, cyber warfare, information warfare, resilience, and all things risk management.

On risks and issues

"Issues are risks that have already occurred” is the standard view of the difference between what is popularly called “risk” and “issue”. But, that’s a superficial difference that does... »

Transitive trust and risk

"... and of course we have set transitive trust between different sources of identity" said he with a glee. That's when I knew for certain I was not speaking with someone... »

Sony Pictures and risk management

Sony Pictures information security team, small as it is, is in the crosshairs of all and sundry after the recent breach of significant proportions. As is typical for information security,... »

Not everyone is WEIRD

If you are told that you are WEIRD don't take it as an offence. It likely means that you belong to about 12% of the global population that is Western,... »

When you use ordinal scales ...

... you are committing a cardinal risk management sin. Of course that doesn't stop people from continuing to do qualitative risk assessments, and there's absolutely nothing wrong with that so long... »

Risk Appetite Redux

In the “Risk, risk everywhere and not an appetite for it” post I proposed the following spur-of-the-moment-inspiration-through-significant-dose-of-caffeine definitions for risk appetite and risk tolerance: “Risk appetite: This is your general,... »

It's the utility, stupid!

"Managers who are isolated from the intelligence customer tend to monitor the quantity of reports produced and level of polish in intelligence products, but not the utility of the intelligence... »

Conventional thinking and risk avoidance

In large, slow-moving bureaucracies, conventional thinking and risk avoidance become paramount, irrespective of how many times a day people at that organization use the word “strategy” or “innovation.” Peak Intel:... »

Risk management and intelligence

When the intelligence business works, it helps create organizational cultures where empirical evidence and concern for the long-range strategic impact of a decision trump internal politics and short-term expediency. Peak... »

Internet resilience

Richard Clayton has a great post summarising the recent paper for ENISA that he co-authored on the Internet resilience. Food for thought: Internet interconnectivity is a complex ecosystem with many... »

iPhone security - Still needs work done

Bernd Marienfeldt uncovered a major security hole in iPhones armour (yes, another one).These risks should be mitigated to acceptable levels. A portable-computing device and -electronic storage media that contains... »

Books to read

Thanks to Red Team Journal I have another book to add to my list. Structured Analytic Techniques for Better Strategies sounds like the reference book I’ve been meaning... »