Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Firefly Squid Lighting Up a Japanese Beach |
| Sponsor-Only Security at the 2012 London Olympics »
April 28, 2007
Schneier Talk at the British Computer Society
The MP3 of my March 21 talk at the British Computer Society -- on information security trends and economic considerations -- is on the Internet.
EDITED TO ADD (4/30): Ogg file here.
Posted on April 28, 2007 at 2:05 PM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
You must think my Saturdays are really shit. I'll listen anyways. Thanks.
Thanks a lot.
I am truly happy that the mp3 is published in the internet.
A pity that an organization like the BCS would publish a talk in the (proprietary, patent-encumbered) mp3 format, rather than in ogg format, which is technically slightly better, not encumbered by patents, and for which free (as in freedom) player software is available for all platforms.
I tried to record an mp3, speaking only Bruce Schneier's Social Security number, and my computer self destructed.
everyone uses mp3. get over it.
Jack Valenti doesn't use MP3.
What you describe (about 33 minutes in) as "annualized loss expectancy" seems to me to be a bad way of determining how much to spend on security. The goal should be spending on security to maximize expected benefit minus cost, not spending to make the total cost equal the total expected benefit (which makes the net benefit zero). Benefit minus cost (which I also called net benefit) is maximized when marginal expected benefit equals marginal cost. (Perhaps "expected benefit" is an odd way to describe "expected loss prevented", it makes the description apply to more than just security.)
There were some people at the end of this during the questions who were talking about some sort of opensource E-cash thing. Did anyone happen to catch the URL for their effort?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.