Twitter Weekly Updates for 2010-03-14
Sunday, March 14th, 2010- Performed my first web crawl with Nutch… I am feeling more like IST every day! #
Powered by Twitter Tools
Powered by Twitter Tools
Powered by Twitter Tools
Powered by Twitter Tools
Powered by Twitter Tools
Powered by Twitter Tools
Powered by Twitter Tools
I typically come across a few excellent quotes that really resonate with what I am presently thinking about whenever I go on a paper reading binge. Here are some interesting ones that I found recently:
Every year (or, perhaps, every day), some new industry or institution discovers that it, too, has a risk problem. It can, if it wishes, repeat the learning process that its predecessors have undergone. Or, it can attempt to short-circuit that process, and start with its product, namely the best available approaches to risk communication. – Baruch Fischhoff (1995)
Contemporary approaches to disaster reduction need to become more concerned with human-to-human relations, such as conflict resolution and consensus building among people, rather than human-to-nature relations. – Katsuya Yamori (2008)
References
Fischhoff, G. (1995). “Risk Perception and Communication Unplugged: Twenty Years of Process.” Risk Analysis, Vol. 15, No. 2, pp. 137-145 (doi link).
Yamori, K. (2008). “Narrative Mode of Thought in Disaster Reduction: A Crossroad for Narrative and Gaming Approaches.” in Sugiman, T., Gergen, K. J., Wagner, W. and Yamada, Y. eds. Meaning in Action: Constructions, Narratives and Representations. Springer, pp. 241-252 (doi link).
Lecture 11 was really not a lecture at all. Instead we had the luxury of hosting recruiters from the National Security Agency. Unfortunately, I was out of town on travel to a conference in New York City (the International Studies Association Annual Convention). But my understanding is that the NSA reps provided a good overview of the agency and career opportunities. This is good since many of our students in IST desire to start their careers in the Intelligence Community, with NSA often being a top choice among the variety of alternative agencies.
Lecture 5 was one of my favorites. The topic was structured brainstorming, in particular the divergent/convergent thinking technique described in both the CIA and DIA analytic tradecracft primers (both of which are unclassified, and can be obtained by joining IAFIE, contacting the public relations offices of the respective agencies, etc.). I teach structured brainstorming in my risk analysis course because, as often cited by risk scholars, the first step in any risk analysis is to imagine (read “brainstorm”) answers to the question “what can go wrong?”
But before we got into the meat of lecture 5, we began class with a short quiz and a discussion of the day’s reading. The paper for today was entitled “The Case for ‘Risk Awareness’” by Stevyn Gibson (Security Journal, Volume 16, pp. 55-64, doi: 10.1057/palgrave.sj.8340140). As one might tell from the title and my preface to this post, the theme for the week is combating ignorance-induced vulnerability (which I argue is one of the biggest contributors to a person’s risk exposure). The quiz asked for the purpose of Gibson’s article (“purpose” being one of the eight elements of though) and sought answers to five multiple choice questions focused on relevant aspects from set theory (e.g., what the word “possible means,” Venn diagrams, conditional exhaustiveness, and the distinction between open and closed-world assumptions).
Moreover, consistent with this week’s theme of creating risk awareness, I showed off an “interesting” book that took the idea of creating risk awareness to the extreme. The title of the book was An Introduction to Planetary Defense: A Study of Modern Warfare Applied to Extra-Terrestrial Invasion by Travis S. Taylor (a.k.a. “Doc” Travis) and collaborators (2006, ISBN: 978-1581124477). An interesting book, indeed, though it is not without its flaws (some small, one or two VERY big – check out the one-star reviews on Amazon.com to see what I mean).
Now onto the meat of the lecture. The focus of lecture 5 was on a generic building security risk analysis question adapted from problem 8E of Philip P. Purpura’s text Security and Loss Prevention, 5th edition (2007, ISBN: 978-0123725257 ). The problem is shown in the SCRIBD window below.
Building on the materials from lecture 4, the aim of this class was to apply structured brainstorming to identify a complete set of security events that might take advantage of one or more observed facility weaknesses. The only technology we used for this in-class exercise was sticky notes (Office Depot brand) and empty wall space, window space, or an unused chalkboard. My strategy for this exercise was to allow 20 minutes or so for unassisted team divergence, followed by me and my teaching intern walking around the room with our own pads of sticky notes interjecting random ideas to help spark creative thinking. The activity finished with 10-15 minutes of convergence where each group was advised to settle on 5-6 broad classes of initiating security events.Of course, the event sets that the students came up with was by no means complete. However, as I advised, this is ok so long as the students articulate what events they are leaving out and for what reasons. This is the essence of a conditionally exhaustive set.
The only bad thing about this lecture was that it was the first lecture I gave at Penn State where I did not have my tablet PC available. Unfortunately, I spilled hot coffee on my tablet, and now it doesn’t work at all. The warranty doesn’t cover such damages either. This “black swan” event totally forced me to reshape how I can go about delivering future lectures. I suppose I have to use the white board and black boards more often now!
Today was a really information-packed lecture. Perhaps the most dense lecture I ever gave. I did this because I really want to get the basic concepts out on the table now so I can spend most of the next few weeks making sense of these concepts. Here is my account of how the lecture went and what was covered:
I began the lecture with a little literature show and tell – I brought with me a book that I find to be a very good snapshot of the current state of practice of security risk management. The book is by Michael Blythe and it is entitled Risk and Security Management: Protecting People and Sites Worldwide (2008, ISBN: 978-0470373057). Personally, I decided not to use this book as a course text because it does little to address the mathematical basis of risk, does not provide much guidance on how to creatively reason about answer to risk questions, and doesn’t talk much about the more fundamental issues shaping risk communication (e.g., perception issues). My stated goal, after all, is to build risk literacy and risk intuition. However, this book really nails down how risk management is done in practice, to include what types of threats to look at, how to structure a site visit, how to construct a risk assessment report, etc. So, at best this book is complementary to the materials of my course. I highly recommend it to anyone wishing to learn more about how risk assessment is really done (but I must caveat that I do not necessarily endorse the way things are being done now as the way things should be done).
Consistent with one of my proposed changes for SRA 311 this semester, I introduced into today’s lecture several low stakes mini quizzes. The first was a question about the definition of risk taken directly from the study guide for the Physical Security Professional (PSP) credential from the American Society for Industrial Security. The second question related to the six questions of risk, and was taken from the Certified Information Systems Security Professional (CISSP) study guide by Shon Harris (6th edition, ISBN: 978-0-07-149786-2). I think I will continue this trend into the semester.
The remainder of the course focused on some pretty basic concepts of risk, in particular:
With some review and reflection, I think the students should now be able to at least articulate what a risk study is supposed to do. In the latter part of next week we will start talking about what answers to the six questions of risk should look like. But first we need to better understand the nature of uncertainty and ignorance, which is the theme of the next lecture.
Oh, and next time starts my weekly quizzes (of which there are 14 this semester). The topic: words, definitions, questions, and scoping. I am also having the students read a pretty good article “An Introduction to the Concept and Management of Risk” by James Matschulat (an adjunct faculty member in the criminal justice department at the University of New Hampshire). This [really good] article is part of an edited volume entitled National Security Issues in Science, Law and Technology (2007, CRC Press, ISBN: 1-57444-908-7).