2011 Verizon Cyberattack Report Published

First saw this on Computerworld, but the Verizon 2011 Cyberattack Report is out.  One of the big takeaways is that they estimate 97% of the attacks were avoidable without the need for “difficult or expensive countermeasures”.  This seems completely plausible to me, especially since the human element is such a large and vulnerable component of an information security strategy, and because it seems that it is often easier for organizations to throw money at a problem and expect it to go away then to spend the time to really analyze the situation and monitor it on a recurring basis.  But information security (much like EM) is a process, not a product.

Tough economic times, tough decisions in EM

In the EM class I’m taking, we’ve talked about agenda building and policy in relation to emergency management.  A natural but unfortunate part of the process is that as the public’s focus turns elsewhere, programs begin to decline.  In emergency management, lack of a particular type of incident tends to undermine focus.  In difficult economic times, that decay manifests even quicker.  Cases in point:

All these points have me thinking about the problem from a different angle, and I hope to discuss it further here in the near future.