Tuesday, October 30, 2007


Now, this started it. This continued it. This clarified it. All was fun (and insightful, that is for sure!) Some might say even paradigm-shifting. But...

It had a horrible, confusing, abysmal name!

Generally, I hate the bandwagon-jumping. But, Chris, the reason that you "received about a dozen emails suggesting that Information Survivability just focuses on availability" is that the word "survivability" does bring that to mind. It really does! In fact, it is more about "scrambling, half-starved proto-mammals" (courtesy of Rich here) than about "process and risk management."

Now, the ideas are all gold! :-) I loved the, bookmarked them, del.icio.us'ed them, etc. Technical "anti-x-style" security does seem to miss a lot of what you are talking about in the piece. More risk thinking needs to be brought in (however hard it might be). Indeed, "7/10 information security programs are focused on compliance and managing threats and vulnerabilities - they don't holistically integrate and manage [business] risk. " (changing the latter is waaaaay easier said then done though) More fun work is ahead, that is for sure!

So, next time you come up with a name for a revolutionary concept, check out the Pirate's Ship Name generator. According to it, the pirates, ya know, would call a ship "The Rage of the Sargasso Sea" or "Satan's Horror" or something scary. They wouldn't call it "The Floating Mattress" or "Bathtub of Dirty Water" now, would they? :-)

Dr Anton Chuvakin