Re: [dssa] weekly status report
- To: DSSA WG <dssa@xxxxxxxxx>
- Subject: Re: [dssa] weekly status report
- From: "Mike O'Connor" <mike@xxxxxxxxxx>
- Date: Mon, 23 Apr 2012 07:39:41 -0500
yep! there are several things all wrapped together in these scenarios.

-- we'll want to look at normalizing these a bit -- there's a fair amount of
variation in the way that people approached the choosing and scaling of things

-- part of the magnitude problem comes from the sensitivity of the arithmetic.
each column can add an order of magnitude.

-- we have the "one size fits all?" puzzle to look at -- some of these
scenarios play out differently depending on what organizational vantage point
you're looking from

-- then there's the "where's the data?" question -- i think it's fair to say
that our evaluation in this first ("go fast") pass will have to be pretty
subjective, with the empirical data rolling in during "go deep"

what do people think of trying to iron the "normalizing" problem out with the
most massive amazing polling setup you've ever seen in Adobe Connect? i'm
thinking that we could just walk through each scenario (no more than a few
minutes on each), take an initial-reaction poll for each column, and see if we
can smooth out the swings a bit.

i think if we do that, we'd have to agree not to do anything but take that
first poll and note where we agree/disagree. debate would have to wait 'til
another day because i think in some cases those debates will take weeks or even
months (and may require going off after some data). but it would be helpful to
get a first-reaction sense-of-the-group about these, no?

what say you?

On Apr 23, 2012, at 6:55 AM, Jörg Schweiger wrote:
> Hi Mickey, all,
> not so much a comment on how you (Mikey) did summarizing but an
> observation possible as a result of your doing so. It seems like we have
> to make a pass through the defined scenarios as the thoughts/scales in
> people's minds seem to differ quite substantially.
> Example: "Nation-state alternate root, cyber terrorism and DNS hacking"
> (line 9) in its description refers to a risk pretty much similar to the
> one stated in "Global, massive attack against a day zero vulnerability in
> DNS software ..." (line 39). Nevertheless the "calculated" overall risk
> differs some magnitudes. And now compare both cited risks to the risk of
> the DDOS scenario. Magnitudes again.
> From: "Mike O'Connor" <mike@xxxxxxxxxx>
> To: DSSA WG <dssa@xxxxxxxxx>
> Date: 21.04.2012 17:50
> Subject: [dssa] weekly status report
> Sent by: owner-dssa@xxxxxxxxx
> hi all,
> hey! a status report with a red mark! neato. in this case i'd set a
> target to get to preliminary consensus on the "confidential information"
> draft on the call this week and we didn't get there. but we learned a lot
> and conversation has continued on the list. we'll be back with another
> try on the call this week. our slippery solution will be to publish it as
> "draft" if we can't get to consensus before Prague, but the conversation
> is good and the draft is definitely getting better so i'm calm.
> i've come up with a first-try at the "summary" worksheet we mentioned on
> the call, and have posted it to the Worksheets page on the wiki. it has
> two tabs because the columns for table I-5 (Adversarial risk scenarios)
> are slightly different than the ones in table I-6 (Non-Adversarial Risk
> Scenarios). i've also taken a really-preliminary try at clumping them.
> here's the link to the page (look down at the very bottom of the page for
> the spreadsheet -- dated 21-April-2012);
> [Attachment "DSSA Status report 49 Sheet1.pdf" deleted by Jörg
> - - - - - - - - -
> phone 651-647-6109
> fax 866-280-2356
> web http://www.haven2.com
> handle OConnorStP (ID for public places like Twitter, Facebook,
> Google, etc.)
- - - - - - - - -
handle OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)