Schneier Talk at the British Computer Society

The MP3 of my March 21 talk at the British Computer Society -- on information security trends and economic considerations -- is on the Internet.

EDITED TO ADD (4/30): Ogg file here.

Posted on April 28, 2007 at 2:05 PM • 12 Comments


DingDongApril 28, 2007 4:23 PM

You must think my Saturdays are really shit. I'll listen anyways. Thanks.

nostromoApril 30, 2007 3:58 AM

A pity that an organization like the BCS would publish a talk in the (proprietary, patent-encumbered) mp3 format, rather than in ogg format, which is technically slightly better, not encumbered by patents, and for which free (as in freedom) player software is available for all platforms.

Jim PhelpsApril 30, 2007 8:46 AM

I tried to record an mp3, speaking only Bruce Schneier's Social Security number, and my computer self destructed.

David BaronApril 30, 2007 11:36 PM

What you describe (about 33 minutes in) as "annualized loss expectancy" seems to me to be a bad way of determining how much to spend on security. The goal should be spending on security to maximize expected benefit minus cost, not spending to make the total cost equal the total expected benefit (which makes the net benefit zero). Benefit minus cost (which I also called net benefit) is maximized when marginal expected benefit equals marginal cost. (Perhaps "expected benefit" is an odd way to describe "expected loss prevented", it makes the description apply to more than just security.)

Ed YatesMay 14, 2007 5:32 AM

There were some people at the end of this during the questions who were talking about some sort of opensource E-cash thing. Did anyone happen to catch the URL for their effort?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Security.