Tuesday, October 7, 2014

Dark Web Impressions

I've done a panel discussion on Digital Investigations in the Deep Web two weeks ago. It was very pleasant event in Milan. As always it seems to small time frame to address ideas and issues. As I'm not expert on deep web issues my research was done to define terminology and phenomenology.
For my deepest impression from this event I can put that for no-technical users fact that google can not reach all data on Internet comes as a surprise, with some sinister afterthoughts, there must be something bad because your web page is not indexed, you are hiding something.

Since event was with experts from various fields, many of them lawyers or law enforcement it is obvious that solid  definitions are needed with good understanding how www works. This is something to think about in sense of conservatism in Europe law education and trainign.

Thursday, October 2, 2014

Modeling in security investment



Just yesterday I've get again to browse trough SANS reading room newly posted articles, it is monthly task (usually) for me. One title catch my attention, even get pang of envy  :)

It is Modeling Security Investments With Monte Carlo Simulations remeber me on ongoing effort by my friend Biljana Petreska and her paper "Biljana R. Petreska, Tatjana D. Kolemisevska-Gugulovska: A fuzzy rate-of-return based model for portfolio selection and risk estimation. SMC 2010: 1871-1877".

We were often discussing how to adopt this model for presenting ROI for enterprise security investment, using SANS Critical Security Controls as technical inputs. Fuzzy modeling can probably better capture and predict but this is to try and prove, what is advantage is in presenting the security as portfolio of options ...

I was thinking of using my ancient tcl port of fuzzy tools but this is too old and there are better solution in python.