Quantum Security

The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security. In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics, which we must not ignore in our risk management practices. I also got to include a revised version of the age-old Annualized Loss Expectancy (ALE) equation. Anyone who has taken the CISSP exam should be familiar with ALE. I believe the equation in common use is outdated and fails to account for the modifications we make to systems when we apply security to them. To properly address risk we need an updated version of the ALE. The article includes the rationale.

The article is available online, but I think the print version looks a lot nicer. Let me know what you think about it.

Published 22 April 2008 06:37 PM by jesper

Comments

# SJWK said on 24 April, 2008 09:12 AM

I enjoyed the article. I didn't see the phrase 'the law of unintended consequences' in the article. Too trite perhaps?

# Hugo said on 03 May, 2008 08:43 AM

You can't add mitigation costs to ALE. If you do that, the ALE value doesn't work the way it should.

What you can do is compare ALE with mitigation costs and see if it is worth mitigating the risk.
