[FDE] How important is FIPS 140-2 Level 1 cert?
dan at geer.org
dan at geer.org
Thu Dec 21 05:21:44 MST 2006
"Saqib Ali" writes:
-+-----------------
| However my question was much more general, in that I wanted
| to know how much weight, in a Kepner Tregoe (KT) analysis,
| does a non-government institution (large enterprise) give
| to the FIP 140-2 Level 1 certification. I know FIPS
| certification is usually a must for govt institution, but
| not sure about non-govt institutions.
I've never been all that comfortable with
decision methods which rely on weighting.
The assignment of relative weights in a formal
decision making process feels like one is
fooling oneself that the decision making
is scientific and rigorous when all the
guesswork is sequestered in magic steps
like KT's
..
3. Rank objectives and assign <b>relative weights</b>
4. <b>Generate alternatives</b>
5. Assign a <b>relative score for each alternative</b>
..
The weights contain all the intelligence
and the rest is indeed mechanical. On the
other hand, when the outcome is truly a
matter of personal preference (die five
years earlier vs. lose your feet) this is
likely the only thing you can do. Indeed,
the very point of a market is to do price
discovery, i.e., to assign relative weights
through an auction that takes into account
the personal preferences of willing buyers
and willing sellers.
What I'd suggest is that you do indeed set
up some decision tree and then, laborious
though it may be, find out how sensitive
the outcome is to mis-assignment of the
weights in the branches of the tree. If
the "answer" is robust against mis-assigned
weights, then that answer is itself robust
and if not, not.
It is likely that I am not helping...
--dan
More information about the FDE
mailing list