The Department of Defense refers to network security as "Information Assurance" (IA) - the idea being that appropriate network security implementation will result in assured access to the information and networks needed by America's warfighters. Information Assurance protocols are governed by the Defense Information Systems Agency (DISA), with additional influence from U.S. Cyber Command and the National Institute for Standards and Technology (NIST) Computer Security Resource Center (CSRC). DoD and NIST guidance informs similar standards in private industry, and vice versa.
Network security is built on the "CIA Triad": Confidentiality, Integrity, and Availability. Generally speaking, Availability constitutes the ability to access data easily. Confidentiality involves restricting access to only the intended audience. Integrity requires that the data being accessed is free from external tampering. In a secure system, availability is typically sacrificed for the benefit of Integrity and Confidentiality; in less secure systems, Availability is optimized at the cost of Confidentiality and Integrity.
With all of that in mind, I found this item at Failblog both amusing and extremely topical. This touches on all three legs of the CIA Triad. Depending on where the laptop in question was stolen from, the individual in question may have been emphasizing Availability at the cost of Confidentiality and Integrity. It also betrays a lack of appropriate backups on the part of the laptop's owner - a risk mitigation measure emphasized by DoD and NIST IA doctrine - to ensure that a catastrophic failure (or, in his case, a theft) doesn't result in a total loss of data Integrity and/or Availability.
If your data's important to you, back it up. In the case of this particular PhD candidate, the data was extremely important, and I can't imagine that the whole thing turned out well for him. As one of my former colleagues was fond of noting, if you can't maintain positive physical control of your assets at all times, then your system is not secure.
Thursday, June 27, 2013
Wednesday, June 26, 2013
Just for Fun: The Sporkful on War Zone Eating
This post is just for fun. Sometimes, I enjoy listening to The Sporkful podcast, which is about food. It's kind of an inside joke, as my perpetual boss once bought me a titanium spork, which replaced an MRE spoon I'd been using to eat lunch at work since I'd gotten there. (It may have actually been the second MRE spoon - those things are great, but they're not indestructible.) Anyway, a couple of months ago, The Sporkful did a pretty entertaining podcast on "War Zone Eating", and even though it's not directly related to risk management, I figured I'd share it in the "just for fun" category.
My own tenure overseas didn't involve a single MRE, much to my chagrin. However, an earlier era of my career involved a lot of MREs. My favorite tip for eating an MRE involves the packaging for most of your main courses. The packaging wants you to open it at the top, where there are two perforations. Resist that urge! Instead, turn the packaging ninety degrees, then take out your favorite blade - a KA-BAR will do the trick, but something smaller like a CRKT M4-02W is a lot better suited to the task - and cut along the long edge. This will make the "bowl" created by the opened foil pouch long and shallow, instead of deep and narrow. Guess which one is easier to get at with your MRE spoon? If you said "long and shallow", you're correct.
By the way, I can't recommend the titanium spork highly enough. It's unquestionably one of the best gifts I've ever received in my life. If you want to manage your risk of needing a great eating utensil under any circumstance, you can't go wrong with a titanium spork that fits into any day pack.
My own tenure overseas didn't involve a single MRE, much to my chagrin. However, an earlier era of my career involved a lot of MREs. My favorite tip for eating an MRE involves the packaging for most of your main courses. The packaging wants you to open it at the top, where there are two perforations. Resist that urge! Instead, turn the packaging ninety degrees, then take out your favorite blade - a KA-BAR will do the trick, but something smaller like a CRKT M4-02W is a lot better suited to the task - and cut along the long edge. This will make the "bowl" created by the opened foil pouch long and shallow, instead of deep and narrow. Guess which one is easier to get at with your MRE spoon? If you said "long and shallow", you're correct.
By the way, I can't recommend the titanium spork highly enough. It's unquestionably one of the best gifts I've ever received in my life. If you want to manage your risk of needing a great eating utensil under any circumstance, you can't go wrong with a titanium spork that fits into any day pack.
Tuesday, June 25, 2013
Liberal Arts Education Meets Risk Management
First and foremost, please allow me to apologize for the dearth of posts over the last few months. Between coursework, exams, my dissertation, and a bit of travel, it's was a busy semester. I have several items I hope to post here over the next few weeks, with content gradually increasing as I complete my time in Scotland. In the mean time, this post is inspired by a good friend of mine whom I'll call Friar Dave, who posted an article on Facebook today: Humanities Committee Sounds an Alarm. I posted the following comment (with a couple of edits for blog posting) based solely on the headline and Friar Dave's brief comment:
In no way are humanities and social sciences "endangered". There is no risk of STEM education "diminishing a huge source of the nation's intellectual strength". In fact, humanities and social sciences are luxuries that many employment-minded students can ill afford. Accusations that social sciences are frequently frivolous, and sometimes fraudulent, are entirely accurate. We are in an era of persistent scarcity. In times of plenty, people can afford to enroll in the humanities. In times of scarcity, they can't afford to do so because, unlike STEM or other directly applicable fields of study, humanities provide less guarantee of subsequent employment. There's your cause, and there's your effect.
The article cites some statistics. For example, in 1954, Harvard had a 36 percent humanities enrollment rate, while in 2012 that was down to 20 percent. That makes me wonder how many people they had majoring in computer science in 1954. One in five people majoring in humanities at Harvard doesn't strike me as particularly alarming, and the fact that only 7.6 percent of bachelor's degrees were awarded in humanities in 2010 seems like correlation to me, not causation. Conversely, the article lists President Obama and Governor Romney, among others, as distinguished individuals who studied social sciences and/or humanities. President Obama and Governor Romney both went to Ivy League schools, which means that it really doesn't matter what they studied; both grew up in wealthy families (despite President Obama's campaign rhetoric, he went to an exclusive preparatory school, and the grandmother who raised him on behalf of his largely absent mother was vice president of a bank). Bill Gates is frequently cited as a successful college dropout - he dropped out of Harvard. One can't compare folks like these to your average university student.
As insinuated by the article's paragraph referencing the National Science Foundation, a great deal of work in the social sciences is nakedly partisan in nature, and even more of it is conducted for the sake of pure knowledge - this is to say, without any realistic expectation of practical applicability - and that's a problem. A great example of this, regardless of your take on any of these issues, is the controversy over the course of the last decade surrounding the employment of social scientists, particularly anthropologists, by the military's Human Terrain System (HTS). American anthropologists, either in universities or otherwise, are largely dependent upon government largesse of one sort or another. However, when the federal government sought out social scientists to assist with the campaigns in Afghanistan and Iraq, the American Anthropological Association stonewalled, citing academic integrity concerns. (In fact, anthropology is a left-leaning community, and the AAA was legitimately criticized for using academic integrity as a justification for refusing to assist an administration and war effort that they had already opposed.) Those social scientists who elected to participate in the HTS have found themselves blackballed by the academic establishment. This raises the very legitimate question: if social science can't or won't be applied to solve national challenges, what justification is there to spend taxpayer dollars to underwrite the education and employment those social scientists?
The report's endorsement of the Common Core, and the article's discussion of research versus teaching, betrays the report's underlying purpose. Many of those folks on the Humanities Commission benefit from the equivalent of corporate welfare from the federal government, and they're worried that in an era of austerity, their corporate welfare will be reduced or eliminated because both politicians and constituents see humanities and social sciences as a non-productive investment that doesn't improve employability in the modern economy, or serve other national political purposes. The report is an effort to protect that corporate welfare, so that professors can keep pursuing both productive and frivolous research, funded at taxpayer expense, and commensurate with the "Common Core" concept (at my alma mater, it was called the baccalaureate core, but the concepts are essentially the same) that requires every university student to take something along the lines of half of their courses from departments that have nothing to do with their major. For example, as an undergraduate, one of my requirements for graduation was to take a course from a category in which all of the offerings were focused on denigrating caucasian males. In my own opinion, the course I took was a waste of more than thirty hours of my life that I'll never get back; but it justified keeping a professor employed, and allowed her to continue her entirely partisan and, in my opinion, socially divisive, research.
Note: For what it's worth, I ended up taking a mix of both invaluable and non-valuable courses to satisfy these requirements; by contrast, the British system involves very little study outside your chosen discipline. There are benefits and drawbacks to each approach, but on the balance, I think that some course diversity is a good thing. The question, then, is whether or not the current prevailing system in American education does a good job of providing students with a well-rounded education, or merely provides corporate welfare to the academic industrial complex. That's another discussion for another day.
So, what does all of this have to do with risk management? The connections are tenuous, but the issues raised demonstrate two major concepts: risk management itself, and cost/benefit analysis.
At the personal level, enrolling in higher education involves assuming risks, mainly financial, with the expectation of an eventual payoff in improved employability and earning potential. When one makes the decision to enroll, doing so in humanities and social sciences - otherwise referred to as the liberal arts - involves a greater amount of risk than, say, enrollment in a radiology program, or vocational training to become a plumber or an electrician. In contemporary American education, and coupled with the seemingly perpetual sluggishness of the global economy, the role of cost in general, and student loans in particular, also comes into play. People pursuing higher education have to ask themselves: if I'm going to commit to paying ABC for an XYZ credential, what is the risk of not finding a job in that degree field when I finish it? What is the risk of being in a worse financial situation at the end of the program than I was at the beginning of the program? In the case of liberal arts degree programs, there are few direct ties between those programs and post-graduation employment in the way that a degree in a STEM discipline, or accounting, or the medical field, or a variety of other programs ties into a specific post-graduation vocation.
Conversely, one can approach it from a cost/benefit analytical perspective. At the national level, policy-makers must consider the political benefits relative to the financial and opportunity costs of spending taxpayer funds on subsidies for particular academic programs. As I mentioned with the HTS, it seems that the federal government may be concerned - and rightly so - with the lack of benefit from subsidies for the liberal arts relative to their current cost, particularly at a time in which federal expenditures are under increased scrutiny from policy-makers due to increased disillusionment in the electorate over federal fraud, waste, abuse, and mismanagement. At the personal level (as insinuated in that last paragraph), people must consider whether the benefit of a particular degree program will justify its cost - again, also considering the state of the economy and the extenuating financial circumstances brought on by the use of student loans.
One of the equalizing factors is the flexibility of a liberal arts degree. For example, a student graduating with a bachelor of science in accounting has a good chance of finding employment as an accountant due to the objective standard with which such a degree is awarded. By contrast, a student graduating with a bachelor of arts in history is less apt to find work in a job directly related to the study of history; however, the skills provided by such a degree are more adaptable to positions which don't involve specific vocational training. Because the liberal arts tend to be a more subjective field, there's a bit more room for flexibility when considering a history graduate's credentials and background.
So, let's say that you have a liberal arts degree, or intend to pursue one. How can you mitigate some of these risks? Being a liberal arts degree holder myself, I've consistently found that having what I call a "gimmick" has helped me immensely. In my case, it's my Arabic language skills and my military connection, which involve skills that are both scarce and in high demand. One of my best friends got a liberal arts degree and had a prior employment background in public safety, and quite easily found employment in law enforcement. Still other friends have been able to combine military experience with a liberal arts education and be accordingly successful. In the end, completing a degree of any kind demonstrates an ability to commit to finishing something, along with commensurate levels of maturity, intelligence, and aptitude. Since Western education has placed a sort of artificial ephasis on sending most high school graduates to bachelor's degree programs (often at the cost of viable and entirely appropriate vocational training programs), the already-contracting job market has been saturated with folks who meet these standards. The result is that liberal arts degree holders must take additional measures to make themselves stand out to recruiters and hiring managers.
Although these matters don't relate directly to security risk management, they speak to larger risk management concepts and cost/benefit analysis. This makes them valuable object lessons in some of the concepts that risk management specialists apply their skill sets to on a regular basis.
It's falling out of favor on campuses because it doesn't help people get jobs, and that's the point of "investing" thousands upon thousands of dollars in a bachelor's degree. We send too many people to universities already, and the ones who don't fail outright often drop to subjective and comparatively easy humanities majors when they can't hack a Science, Technology, Engineering, and Math (STEM) major, after which point they don't get any boost toward getting a job. There's also the little matter of the fact that we're in a continuing economic recession, and if someone's unemployed and decides to go back to school for a degree, they'll be less likely to enter a degree program like history, English, or philosophy that allows them to "find themselves" - they're going to take something more applicable to the job market in an effort to break the unemployment cycle.This post grew out of a list of points I was making in direct response to the article itself, so read the following section with that disclaimer in mind.
To give you an example from my own life, you're aware that I'm studying applied social sciences - military strategy - at the postgraduate level... with the realistic expectation that it will improve my ability to advance within the career field in which I've been working for several years now. I regularly interact with several anthropology MRes and PhD students who are quite open about the fact that they're pursuing degrees for which they will never find gainful or even productive employment. Why? Because we have a surplus of people studying the humanities, caused in large part by two factors: 1) sending too many people into university education, many of whom shouldn't be there in the first place; and 2) telling all of our children that they're winners who can and should do whatever they want, instead of giving them the cold, hard truth about how they'll need to fight themselves and compete against their peers in order to get ahead in this world.
In no way are humanities and social sciences "endangered". There is no risk of STEM education "diminishing a huge source of the nation's intellectual strength". In fact, humanities and social sciences are luxuries that many employment-minded students can ill afford. Accusations that social sciences are frequently frivolous, and sometimes fraudulent, are entirely accurate. We are in an era of persistent scarcity. In times of plenty, people can afford to enroll in the humanities. In times of scarcity, they can't afford to do so because, unlike STEM or other directly applicable fields of study, humanities provide less guarantee of subsequent employment. There's your cause, and there's your effect.
The article cites some statistics. For example, in 1954, Harvard had a 36 percent humanities enrollment rate, while in 2012 that was down to 20 percent. That makes me wonder how many people they had majoring in computer science in 1954. One in five people majoring in humanities at Harvard doesn't strike me as particularly alarming, and the fact that only 7.6 percent of bachelor's degrees were awarded in humanities in 2010 seems like correlation to me, not causation. Conversely, the article lists President Obama and Governor Romney, among others, as distinguished individuals who studied social sciences and/or humanities. President Obama and Governor Romney both went to Ivy League schools, which means that it really doesn't matter what they studied; both grew up in wealthy families (despite President Obama's campaign rhetoric, he went to an exclusive preparatory school, and the grandmother who raised him on behalf of his largely absent mother was vice president of a bank). Bill Gates is frequently cited as a successful college dropout - he dropped out of Harvard. One can't compare folks like these to your average university student.
As insinuated by the article's paragraph referencing the National Science Foundation, a great deal of work in the social sciences is nakedly partisan in nature, and even more of it is conducted for the sake of pure knowledge - this is to say, without any realistic expectation of practical applicability - and that's a problem. A great example of this, regardless of your take on any of these issues, is the controversy over the course of the last decade surrounding the employment of social scientists, particularly anthropologists, by the military's Human Terrain System (HTS). American anthropologists, either in universities or otherwise, are largely dependent upon government largesse of one sort or another. However, when the federal government sought out social scientists to assist with the campaigns in Afghanistan and Iraq, the American Anthropological Association stonewalled, citing academic integrity concerns. (In fact, anthropology is a left-leaning community, and the AAA was legitimately criticized for using academic integrity as a justification for refusing to assist an administration and war effort that they had already opposed.) Those social scientists who elected to participate in the HTS have found themselves blackballed by the academic establishment. This raises the very legitimate question: if social science can't or won't be applied to solve national challenges, what justification is there to spend taxpayer dollars to underwrite the education and employment those social scientists?
The report's endorsement of the Common Core, and the article's discussion of research versus teaching, betrays the report's underlying purpose. Many of those folks on the Humanities Commission benefit from the equivalent of corporate welfare from the federal government, and they're worried that in an era of austerity, their corporate welfare will be reduced or eliminated because both politicians and constituents see humanities and social sciences as a non-productive investment that doesn't improve employability in the modern economy, or serve other national political purposes. The report is an effort to protect that corporate welfare, so that professors can keep pursuing both productive and frivolous research, funded at taxpayer expense, and commensurate with the "Common Core" concept (at my alma mater, it was called the baccalaureate core, but the concepts are essentially the same) that requires every university student to take something along the lines of half of their courses from departments that have nothing to do with their major. For example, as an undergraduate, one of my requirements for graduation was to take a course from a category in which all of the offerings were focused on denigrating caucasian males. In my own opinion, the course I took was a waste of more than thirty hours of my life that I'll never get back; but it justified keeping a professor employed, and allowed her to continue her entirely partisan and, in my opinion, socially divisive, research.
Note: For what it's worth, I ended up taking a mix of both invaluable and non-valuable courses to satisfy these requirements; by contrast, the British system involves very little study outside your chosen discipline. There are benefits and drawbacks to each approach, but on the balance, I think that some course diversity is a good thing. The question, then, is whether or not the current prevailing system in American education does a good job of providing students with a well-rounded education, or merely provides corporate welfare to the academic industrial complex. That's another discussion for another day.
So, what does all of this have to do with risk management? The connections are tenuous, but the issues raised demonstrate two major concepts: risk management itself, and cost/benefit analysis.
At the personal level, enrolling in higher education involves assuming risks, mainly financial, with the expectation of an eventual payoff in improved employability and earning potential. When one makes the decision to enroll, doing so in humanities and social sciences - otherwise referred to as the liberal arts - involves a greater amount of risk than, say, enrollment in a radiology program, or vocational training to become a plumber or an electrician. In contemporary American education, and coupled with the seemingly perpetual sluggishness of the global economy, the role of cost in general, and student loans in particular, also comes into play. People pursuing higher education have to ask themselves: if I'm going to commit to paying ABC for an XYZ credential, what is the risk of not finding a job in that degree field when I finish it? What is the risk of being in a worse financial situation at the end of the program than I was at the beginning of the program? In the case of liberal arts degree programs, there are few direct ties between those programs and post-graduation employment in the way that a degree in a STEM discipline, or accounting, or the medical field, or a variety of other programs ties into a specific post-graduation vocation.
Conversely, one can approach it from a cost/benefit analytical perspective. At the national level, policy-makers must consider the political benefits relative to the financial and opportunity costs of spending taxpayer funds on subsidies for particular academic programs. As I mentioned with the HTS, it seems that the federal government may be concerned - and rightly so - with the lack of benefit from subsidies for the liberal arts relative to their current cost, particularly at a time in which federal expenditures are under increased scrutiny from policy-makers due to increased disillusionment in the electorate over federal fraud, waste, abuse, and mismanagement. At the personal level (as insinuated in that last paragraph), people must consider whether the benefit of a particular degree program will justify its cost - again, also considering the state of the economy and the extenuating financial circumstances brought on by the use of student loans.
One of the equalizing factors is the flexibility of a liberal arts degree. For example, a student graduating with a bachelor of science in accounting has a good chance of finding employment as an accountant due to the objective standard with which such a degree is awarded. By contrast, a student graduating with a bachelor of arts in history is less apt to find work in a job directly related to the study of history; however, the skills provided by such a degree are more adaptable to positions which don't involve specific vocational training. Because the liberal arts tend to be a more subjective field, there's a bit more room for flexibility when considering a history graduate's credentials and background.
So, let's say that you have a liberal arts degree, or intend to pursue one. How can you mitigate some of these risks? Being a liberal arts degree holder myself, I've consistently found that having what I call a "gimmick" has helped me immensely. In my case, it's my Arabic language skills and my military connection, which involve skills that are both scarce and in high demand. One of my best friends got a liberal arts degree and had a prior employment background in public safety, and quite easily found employment in law enforcement. Still other friends have been able to combine military experience with a liberal arts education and be accordingly successful. In the end, completing a degree of any kind demonstrates an ability to commit to finishing something, along with commensurate levels of maturity, intelligence, and aptitude. Since Western education has placed a sort of artificial ephasis on sending most high school graduates to bachelor's degree programs (often at the cost of viable and entirely appropriate vocational training programs), the already-contracting job market has been saturated with folks who meet these standards. The result is that liberal arts degree holders must take additional measures to make themselves stand out to recruiters and hiring managers.
Although these matters don't relate directly to security risk management, they speak to larger risk management concepts and cost/benefit analysis. This makes them valuable object lessons in some of the concepts that risk management specialists apply their skill sets to on a regular basis.
Subscribe to:
Posts (Atom)