I’ve been working a project identifying a comprehensive cyber curriculum. The various standard infosec curriculums are primarily for non-conflict oriented entities, and NIST/NICE is really a human resources hiring tool. One aspect of this tasking is looking at the idea…
Author: Samuel Liles
Today’s Picture – December 21st, 2011
Today’s Picture – December 20th, 2011
Risky business with national budgets
If you hear an information technology professional say there are risks to an organization, fire them. There is only risk. Risk is a state of possible negative consequences and stating there are multiple risks is glossing over a deeper reality.…
Today’s Picture – December 19th, 2011
Personal technology plan year end update
End of the year and time to reflect on a few things. Every year I try and make some predictions, see how I’ve done on some others, and plan out some goals for the rest of the year. I also…
Thinking about cyber conflict and the role of metaphors in strategy and tactics
Technology and tactics within the realm of cyber conflict are fairly well understood. Networks have been with us for a long time, and we have a fairly good grasp on the exploitation of vulnerabilities. Yet there is an unhealthy focus…
Threats and heuristics in enterprise risk management (infosec)
When trying to assess enterprise risk and the threat vectors that create risk, there are standard models or derivations of frameworks that are found in the literature, such as NIST and Octave-Allegro. The current practice is to take the various…
Why a cyber Billy Mitchell/Hyman Rickover won’t fix this…
Rickover and Mitchell were visionary ambassadors and petty tyrants of their respective domains of war fighting. Each working in their own peculiar way eviscerated leadership on the way to promoting new ways of waging war. The history is pretty detailed…
Who wrote Stuxnet?
Who cares?
Blood is thicker than TCP/IP
Jeffrey Carr predicts 2012 isn’t going to be a pretty way forward for information security professionals, industry or governments. He has a couple of points I’d like to dissect a little bit. I’m not much for alarm bells. We’ve had…
Positions on risk and information security
Consider the risk management of information and the principles of risk themselves. Do we have a culture that is working so far to the right of the normalized curve of expectations that we’re expending huge amounts of resources for very little…
Concept Map: Enterprise Risk Management
EDIT 2/27/2012 — A lot of people are showing up looking at this lately. I have an update on it that I can post if you are interested. Using the comment function is onerous but let me know if you…
An argument for a comprehensive definition of cyberspace
Contention: There is a contention that cyber is the electromagnetic spectrum and that point is countered by a position that cyber is larger than or composed of more than the electromagnetic spectrum. The proponents of the electromagnetic spectrum say that cyber…
Less is more: Orphan computers and mission assurance
Unlike a lot of technologists I don’t have a bevy of personal computers I use. I only have one primary computing device, one phone, and that’s it. Yes I have a couple of computers for work that are used at…