The Count is not the Thing Counted
By 360 Security, on [2009-04-28] at 23:16:36
Overview: In my independent study of Gregory Bateson and Alfred Korzybski I truly understood for myself that the name is not the thing named or, as some would say, the map is not the territory. I call your attention to this manner of thinking because we have a problem with metrics in that the count is not the things counted. Many metrics for risk and compliance describe beautiful mathematical formulas but see only limited success because the classification of the things being counted is narrowly understood. This blog posting makes the assertion that our problem with effective metrics is not one of numbers but one of semantics; not of the counts but of the things counted.

The things being counted must be named, defined, and ultimately understood by a community of practice. The very act of naming is an act of mapping or classification; it comes with a certain level of precision and consequences. A useful classification standard for one community may be useless for another. To the degree that this mapping or classification is common with others in your community of practice, you achieve a mutual semantic coherence (some call this objectivity but I reject that term).

The durability of a set of metrics is challenged when multiple communities of practice are asked to engage in a common objective for the business. Such is the case when one proposes a standard terminology and metrics that apply across a large enterprise consisting of multiple communities of practice and diverse personas. To be useful, one must know what these metrics mean and be able to draw inferences from experience. A measurement system must be judged on the notion of "usefulness to a community of practice", and this scoping must be made explicit. The utility is a function of the audience's ability to draw inference from the counts and things counted.

Let me share with you an example I experienced with my Toronto team. I said to one of my Canadian coworkers, "Dude, it was in the 90's in San Francisco today". A blank face appeared as I saw him think and convert this implicit 90 degrees Fahrenheit to Celsius ((F − 32) × 5/9) because he could not draw an inference from Fahrenheit. Inferences like it being weather for shorts, no jacket required, that it is odd for San Francisco to have a high of 32 Celsius, that homes in San Francisco don't have AC because it is never that hot, and so on and so on. When you look at the notion of temperature, you can see that the different communities have chosen different standards because of the way they have come to know those units, and it is more about the semantics than the mathematics.

This becomes exponentially more difficult when the syntax is the same but the semantics vary. Take terms like "asset" or "platform" and you can fill a page with what they mean in certain contexts with certain communities, even within the same enterprise. Each community of practice has come to know the term "asset" in very different ways; each has encoded work and meaning in ways that are different from the others. While mathematics remains important, we must turn our focus to formal ways to share semantics. Only then can we share both the numbers (the count) within their intended context (the things counted); semantics that can only be seen through a keen ethnographic eye that respects heterogeneous sense-making and the diverse viewpoints of an enterprise.