Comments on TaoSecurity Blog: Can Interrogators Teach Digital Security Pros?
Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Updated: 2023-10-16T06:06:25.012-04:00

dre (https://www.blogger.com/profile/17414510788948258195), 2015-03-24T17:40:34.580-04:00

From theory, the issue we face is not only parading the right kind of cyber security science, but also ground truthing the damage valuation standards.

Primary losses (versus secondary loss, taken from FAIR) require actuarial tablization. Secondary losses, which include intangible assets such as brand damage and reputation loss, have not been modeled fully. The science is currently in progress -- and changes too often to narrow down. The Internet moves too fast -- even the advertisers can't keep up with their own brand and reputation trajectory changes.

Douglas Hubbard's books on measuring intangibles and understanding risk have well-thought theories, however they change rapidly with new releases every 3 or so years. There are a small few economists who can calculate and narrow down the science of cyber risk, cyber insurance, et al. They need to publish with the other authors and thought leaders in this field. The coming together of minds is happening, but it is slower than Internet speed.

The language and socializing of FAIR and similar threat and risk quantification practices needs to happen across all verticals, and all audit, risk, regulatory, cyber insurance, and cyber threat experts need to start speaking this new language.

n0rth3rnl1t3z (https://www.blogger.com/profile/11841547699830483313), 2015-03-24T17:10:59.054-04:00

I would say that one should understand fundamentals first, of what is needed before being able to practically approach the subject. This is where it lacks in digital/network forensics, perhaps. Once we understand how things work in the "micro" level, applying practical methods becomes much easier.