She said she was turned on by men who took risks . . .
So he took the plastic off his iPhone screen.
— 50 Nerds of Grey (@50NerdsofGrey) April 1, 2016
I had a slightly engaging discussion regarding the scoring of impact, with human life being one of the factors. (Think of a negative event where reputation, financial, property and human life are the factors in the equation.)
What value do we place on ourselves when it’s an injury? Or loss of limb? If… and again, this was just a thoughtful discussion… so not to be taken too seriously, a person is missing a limb… are they worth as much? Does that count as a 1 in a chart where likelihood is one loss in x number of years?
Possibly to an employer, but to the person who lost that limb, they probably value their life even more! They probably mean more to their families who may care for them even more than before!
The discussion can be further taken by looking at the probability of a threat to a grouping of people. Horrific, I’m sure. But the same threat to a hospital with disabled people who may be missing limbs… the value of human loss is magnified. At least in the public eye.
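To make the discussion above concrete, here is an added example (not part of the original post, and not from any published framework) of a simple annualized impact score: each scenario gets a likelihood of one loss in x years and a severity score per factor (reputation, financial, property, human life), and the human-life weight is varied to see when a scenario affecting a vulnerable population overtakes a purely financial one. The scenarios, severity numbers and weights are constructed for illustration only.

```python
"""Added example: annualized impact scoring with a variable human-life weight.

Everything here is constructed for illustration; the scenario names, scores
and weights are made up and do not come from the original post.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

FACTORS = ("reputation", "financial", "property", "human_life")


@dataclass(frozen=True)
class Scenario:
    name: str
    one_in_years: float            # likelihood: one loss event every N years
    impact: Dict[str, float]       # severity per factor on a 0..10 scale (constructed)


def annual_rate(one_in_years: float) -> float:
    """'One loss in x years' expressed as expected events per year."""
    if one_in_years <= 0:
        raise ValueError("one_in_years must be positive")
    return 1.0 / one_in_years


def weighted_impact(impact: Dict[str, float], weights: Dict[str, float]) -> float:
    """Sum of factor severities, each scaled by the weight the assessor assigns."""
    return sum(impact.get(f, 0.0) * weights.get(f, 1.0) for f in FACTORS)


def annualized_score(s: Scenario, weights: Dict[str, float]) -> float:
    """Expected weighted impact per year = rate * weighted severity."""
    return annual_rate(s.one_in_years) * weighted_impact(s.impact, weights)


def rank(scenarios: List[Scenario], weights: Dict[str, float]) -> List[str]:
    """Scenario names ordered from highest to lowest annualized score."""
    ordered = sorted(scenarios, key=lambda s: annualized_score(s, weights), reverse=True)
    return [s.name for s in ordered]


def crossing_weight(a: Scenario, b: Scenario, factor: str = "human_life") -> Optional[float]:
    """Weight on `factor` at which scenario a's score equals scenario b's.

    Scores are linear in the weight, so solve r_a*(base_a + i_a*w) = r_b*(base_b + i_b*w).
    Returns None when the two lines are parallel (no single crossing point).
    """
    others = {f: 1.0 for f in FACTORS if f != factor}
    others[factor] = 0.0
    r_a, r_b = annual_rate(a.one_in_years), annual_rate(b.one_in_years)
    base_a, base_b = weighted_impact(a.impact, others), weighted_impact(b.impact, others)
    i_a, i_b = a.impact.get(factor, 0.0), b.impact.get(factor, 0.0)
    denom = r_a * i_a - r_b * i_b
    if abs(denom) < 1e-12:
        return None
    return (r_b * base_b - r_a * base_a) / denom


# Constructed scenarios: an office billing outage, a hospital clinical-systems
# outage (same threat, but people who depend on care are affected), and routine phishing.
OFFICE = Scenario("office", 2, {"reputation": 6, "financial": 8, "property": 1, "human_life": 0})
HOSPITAL = Scenario("hospital", 5, {"reputation": 8, "financial": 7, "property": 2, "human_life": 6})
PHISHING = Scenario("phishing", 1, {"reputation": 3, "financial": 4, "property": 0, "human_life": 0})
SCENARIOS = [OFFICE, HOSPITAL, PHISHING]

BASE_WEIGHTS = {f: 1.0 for f in FACTORS}           # human life counted like any other factor
MAGNIFIED_WEIGHTS = dict(BASE_WEIGHTS, human_life=5.0)  # human life weighted five times higher


if __name__ == "__main__":
    for label, w in (("equal weights", BASE_WEIGHTS), ("human life x5", MAGNIFIED_WEIGHTS)):
        print(label, rank(SCENARIOS, w),
              [round(annualized_score(s, w), 2) for s in SCENARIOS])
    print("hospital overtakes office once human_life weight >",
          round(crossing_weight(HOSPITAL, OFFICE), 3))
```

With equal weights the rarer hospital scenario ranks last; once the human-life factor is weighted a little above 3.4 it moves to the top, which is the magnification effect the discussion describes. The crossing-point function is the useful part: it tells you how sensitive a ranking is to the one weight that is hardest to justify.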
According to Wikileaks:
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
The agency’s Center for Cyber Intelligence (CCI) had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
More can be read here.
Be on the lookout this week for phishing attacks that play on Valentine’s day.
I know kids don’t visit my site, but adults do. Show this to your kids.
Dr. Cybrina, CISSP teaches kids how to stay safe and secure online while Garfield tries to break his Jelly Donut record.
There seemed to be a lack of this mapping everywhere, so here is my contribution and creation for those looking to map the NIST Cybersecurity Framework to the ISO 27001 control groups and to the NIST SP 800-53 control families.
Quantitative risk analysis is achievable, can be pragmatic, and can actually outperform qualitative risk analysis in the face of complex issues like intelligent adversaries. Join Jack Jones, the original author of the Factor Analysis of Information Risk (FAIR) framework, and (ISC)2 to learn more about FAIR. Jack will highlight both the quantitative use cases and the ways in which FAIR can be leveraged to improve qualitative risk analysis.
Jack is an old friend and mentor.
I encourage readers to check out the FAIR Institute.
An amusing clip on George Costanza becoming a mentor on Risk Management