[FDE] A quant look at the Information Security

Ali, Saqib docbook.xml at gmail.com
Fri May 30 22:24:04 MDT 2008


An excellent, excellent talk by Dr. Dan Geer (the most famous pair of
sideburns in InfoSec):
http://www.cerias.purdue.edu/video/secsem/secsem_20070321.mp4

Abstract
If there is a difference between information and bits we had better
find it soon. The bit-count is bounding upward, no one dares throw
anything away, and once "search" supplants "organize" there is no
going back. Information may or may not want to be free, but it wants
to be in motion, so much so that ISPs see their future in movie
rentals and the speed of light determines how far away your trade
submission servers can be from the Exchange and still do
micro-arbitrage. Like a gas, information has to be collected,
purified, and compressed to be of value, so any leak, impurity, or
loss of containment is a loss of value, per se. The street price of
drugs has a more stable floor than the street price of stolen data,
the percentage of attack tools that are privately held is rising, and
the workfactor for information defense is the integral of the
workfactor for information offense, yet we do not have the
quantitative tools to value our information. That is possibly the key
-- quantitative information risk management that is on par with
quantitative financial risk management.

More at:
http://www.cerias.purdue.edu/news_and_events/events/calendar/cerias_event.php?uid=dv5ber7s1fr9danr93qr8mugng@google.com

