A Day in the Life of a CSO

I’m behind on reading and wouldn’t have caught this article today if Bruce Schneier hadn’t mentioned it.

On any given day, we CSOs come to work facing a multitude of security risks. They range from a sophisticated hacker breaching the network to a common thug picking a lock on the loading dock and making off with company property. Each of these scenarios has a probability of occurring and a payout (in this case, a cost to the company) should it actually occur. To guard against these risks, we have a finite budget of resources in the way of time, personnel, money and equipment—poker chips, if you will.

If we’re good gamblers, we put those chips where there is the highest probability of winning a high payout. In other words, we guard against risks that are most likely to occur and that, if they do occur, will cost the company the most money. We could always be better, but as CSOs, I think we’re getting pretty good at this process. So lately I’ve been wondering—as I watch spending on national security continue to skyrocket, with diminishing marginal returns—why we as a nation can’t apply this same logic to national security spending. If we did this, the war on terrorism would look a lot different. In fact, it might even be over.

Read the whole essay here.

The best quote was the sidebar - “CSOs know how to best allocate available resources to guard against the most likely threats. We should be vocal about the need to apply that same logic to our nation’s security.”

Welcome to my world. I do the work for free. I get paid to worry.

And to rescue the twelve o’clock flashers…
