List: firewalls-gc
Subject: Re: A response from CSI
From: Julian Assange <proff () suburbia ! net>
Date: 1996-06-26 0:02:07
> Dear Mr. Assange,
>
> It is difficult to fathom the motivation or thought process behind your
> vitriolic, abusive posting regarding the "1996 CSI/FBI Computer Crime and
> Security Survey."
I re-read my posting regarding the CSI/FBI report, as at the time of its
writing I had a 40 degree fever due to an interesting virus I picked up
in Africa a few days ago (anyone want a copy?). I do recall being in a
rather irritated state and wondered if I had not let my anger get the
better of me on this issue.

It did not (though, interestingly enough, I see a few semantically
unimportant prepositions and the occasional character were lost
somewhere in the journey between speech center and fingers).

I confirm that the report's inferences are fatally flawed due to the
shoddy research methodology used. If you were a student of mine doing a
postgrad thesis (in policy) and you came to me or any other
unlobotomised supervisor with that sort of research as a chapter you
would find yourself studying elsewhere.
> eliciting any comment or clarification from CSI, I feel compelled to respond. The
> survey has received wide and serious attention from many people, including
> leading authorities on information security, law enforcement officials,
> information security practitioners in corporations, government agencies,
> universities and other organizations, as well as journalists from legitimate
> media (e.g., Wall Street Journal, Reuters, Knight-Ridder, CNN, etc.)
That is exactly what I was worried about.
Have you ever heard of Martin Rimm?
> FYI, several other recent studies conducted by Ernst and Young LLP, the American
> Society for Industrial Security, Michigan State University and the U.S. General
> Accounting Office all revealed a serious problem and reached similar conclusions.
I have had dealings with some of these (since we are doing the name
dropping thing, E&Y use my software for doing security audits). In fact,
if you are a LACC subscriber, you would have received some of the source
transcripts and testimony documents out of which the GAO report was
comprised. I wasn't particularly impressed with the very anecdotal GAO
report either. However the GAO's procedure is more open, in that it is
largely witness driven. This is a political reality of how the GAO works
and not one the CSI/FBI report can call on to save it.

The fact that another entity broadly reaches some vaguely similar
conclusions to those in the CSI/FBI report is totally irrelevant. The
writer who shows that 2 x 2 = 4 because n x n = n + n is still a fool
despite however many people independently show 2 + 2 = 4.
> allow me to quote from the preamble:
> "Does the CSI/FBI survey answer every question? No. Is it the final word? There
> never will be a final word. Is it "scientific"? No. But it is an extensive,
[...]
>
> Richard Power
> Computer Security Institute
It is flawed, dangerous, sloppy research and as such should simply
have been omitted. You went on to *draw conclusions* from it and others
went on to quote your statistics and I have no doubt many naive,
hurried or stupid people are using it to create policy. Useless,
deceptive information like that under discussion is truly worse than no
information at all. The report as a whole is fatally flawed because of
the pathetic methodology used in one component. I don't have to analyse the
other components to know this. One is enough. Based on it I wouldn't
give the others the time of day.
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+