• Performed my first web crawl with Nutch… I am feeling more like IST every day! #

Powered by Twitter Tools

Send article as PDF to

• Baby today… Should be interesting… #
• Definitely baby today… In Labor and Delivery now… Hope to be done by 8pm… #
• The delivery room is right across from the coffee machine… And there is a new pot brewing… WIN #
• Showtime in 5… Baby will be born before 7pm (we think)… No 3 seems so much easier… #
• This is the pic taken very soon before baby… Everyone is in good spirits here at Mt Nittany… http://twitpic.com/163yny #
• Water broke… Any minute now… room is getting setup for action… #
• Baby time… #
• Officially outnumbered… http://twitpic.com/1649l7 #
• Katie Mei McGill… Born 7:35p, 1 Mar 2010 http://twitpic.com/164aeo #
• Nothing beats postpartum cranberry juice and graham crackers… #
• Some specs… 5lb 7oz, length = 19+ inches, lots of hair, very cute, VERY HUNGRY (poor Jinny), getting a bath as we speak… #
• Now that the fun is over, gotta get ready for teaching in the morning… #
• Ah… My truck isn't big enough to accomodate me, myself and our three kids (w/ car seats)… What to do outside of getting a minivan? #
• Two kids in diapers… Sucks. #
• Katie's first appt checks out ok… Good to go for two more weeks… All is better than well so far… #

Powered by Twitter Tools

Send article as PDF to

• For a limited time we won't use chemicals to sweeten our drinks… http://twitpic.com/zexcd #

Powered by Twitter Tools

Send article as PDF to

• This is the year that will make or break me (more likely the former, I hope…)… #
• When will @mightcould come to central PA? Their sounds are awesome and great for late night writing… #

Powered by Twitter Tools

Send article as PDF to

• Sipping on my last espresso doppio in Milan before heading back to the states… Italy is truly my favorite vacation place… #
• Wow… getting home from Milan really sucked… I mean, it was truly awful… travel to the US from Europe is really a pain these days… #
• After Friday, I will be taking a four month break from traveling… traveling anywhere, especially to DC, is such a drag on time and energy #
• USAirways lost my son's stroller… guess who had to carry his squirmy 25lb body for 2 hours on the hot, overcrowded customs line at PHL? #
• Whoah… there is some sort of debate thing happening on my Facebook wall… should I intervene? What should I do? #
• One of yesterday's speakers had a heart attack right before she was going to answer a colleague's question… I hope she is all right now… #

Powered by Twitter Tools

Send article as PDF to

• Might Could is an awesome band… http://bit.ly/8d2tJq … their albums are available on iTunes… good for late night risk analysis… #
• Why do I always get stuck working on a short-fused project during the holiday season? It seems I will be working up until my flight to Italy #

Powered by Twitter Tools

Send article as PDF to

I typically come across a few excellent quotes that really resonate with what I am presently thinking about whenever I go on a paper reading binge.  Here are some interesting ones that I found recently:

Every year (or, perhaps, every day), some new industry or institution discovers that it, too, has a risk problem.  It can, if it wishes, repeat the learning process that its predecessors have undergone.  Or, it can attempt to short-circuit that process, and start with its product, namely the best available approaches to risk communication. – Baruch Fischhoff (1995)

Contemporary approaches to disaster reduction need to become more concerned with human-to-human relations, such as conflict resolution and consensus building among people, rather than human-to-nature relations. – Katsuya Yamori (2008)

References

Fischhoff, G. (1995). “Risk Perception and Communication Unplugged: Twenty Years of Process.” Risk Analysis, Vol. 15, No. 2, pp. 137-145 (doi link).

Yamori, K. (2008). “Narrative Mode of Thought in Disaster Reduction: A Crossroad for Narrative and Gaming Approaches.” in Sugiman, T., Gergen, K. J., Wagner, W. and Yamada, Y. eds. Meaning in Action: Constructions, Narratives and Representations.  Springer, pp. 241-252 (doi link).

Send article as PDF to

Lecture 11 was really not a lecture at all.  Instead we had the luxury of hosting recruiters from the National Security Agency.  Unfortunately, I was out of town on travel to a conference in New York City (the International Studies Association Annual Convention).  But my understanding is that the NSA reps provided a good overview of the agency and career opportunities.  This is good since many of our students in IST desire to start their careers in the Intelligence Community, with NSA often being a top choice among the variety of alternative agencies.

Send article as PDF to

Lecture 5 was one of my favorites.  The topic was structured brainstorming, in particular the divergent/convergent thinking technique described in both the CIA and DIA analytic tradecracft primers (both of which are unclassified, and can be obtained by joining IAFIE, contacting the public relations offices of the respective agencies, etc.).  I teach structured brainstorming in my risk analysis course because, as often cited by risk scholars, the first step in any risk analysis is to imagine (read “brainstorm”) answers to the question “what can go wrong?”

But before we got into the meat of lecture 5, we began class with a short quiz and a discussion of the day’s reading.  The paper for today was entitled “The Case for ‘Risk Awareness’” by Stevyn Gibson (Security Journal, Volume 16, pp. 55-64, doi: 10.1057/palgrave.sj.8340140).  As one might tell from the title and my preface to this post, the theme for the week is combating ignorance-induced vulnerability (which I argue is one of the biggest contributors to a person’s risk exposure).  The quiz asked for the purpose of Gibson’s article (“purpose” being one of the eight elements of though) and sought answers to five multiple choice questions focused on relevant aspects from set theory (e.g., what the word “possible means,” Venn diagrams, conditional exhaustiveness, and the distinction between open and closed-world assumptions). 

Moreover, consistent with this week’s theme of creating risk awareness, I showed off an “interesting” book that took the idea of creating risk awareness to the extreme.  The title of the book was An Introduction to Planetary Defense: A Study of Modern Warfare Applied to Extra-Terrestrial Invasion by Travis S. Taylor (a.k.a. “Doc” Travis) and collaborators (2006, ISBN: 978-1581124477).  An interesting book, indeed, though it is not without its flaws (some small, one or two VERY big – check out the one-star reviews on Amazon.com to see what I mean).

Now onto the meat of the lecture.  The focus of lecture 5 was on a generic building security risk analysis question adapted from problem 8E of Philip P. Purpura’s text Security and Loss Prevention, 5th edition (2007, ISBN: 978-0123725257 ).  The problem is shown in the SCRIBD window below. 

Building on the materials from lecture 4, the aim of this class was to apply structured brainstorming to identify a complete set of security events that might take advantage of one or more observed facility weaknesses.  The only technology we used for this in-class exercise was sticky notes (Office Depot brand) and empty wall space, window space, or an unused chalkboard.  My strategy for this exercise was to allow 20 minutes or so for unassisted team divergence, followed by me and my teaching intern walking around the room with our own pads of sticky notes interjecting random ideas to help spark creative thinking.  The activity finished with 10-15 minutes of convergence where each group was advised to settle on 5-6 broad classes of initiating security events.Of course, the event sets that the students came up with was by no means complete.  However, as I advised, this is ok so long as the students articulate what events they are leaving out and for what reasons.  This is the essence of a conditionally exhaustive set.

The only bad thing about this lecture was that it was the first lecture I gave at Penn State where I did not have my tablet PC available.  Unfortunately, I spilled hot coffee on my tablet, and now it doesn’t work at all.  The warranty doesn’t cover such damages either.  This “black swan” event totally forced me to reshape how I can go about delivering future lectures.  I suppose I have to use the white board and black boards more often now!

Send article as PDF to

Today was a really information-packed lecture.  Perhaps the most dense lecture I ever gave.  I did this because I really want to get the basic concepts out on the table now so I can spend most of the next few weeks making sense of these concepts.  Here is my account of how the lecture went and what was covered:

I began the lecture with a little literature show and tell – I brought with me a book that I find to be a very good snapshot of the current state of practice of security risk management.  The book is by Michael Blythe and it is entitled Risk and Security Management: Protecting People and Sites Worldwide (2008, ISBN: 978-0470373057).  Personally, I decided not to use this book as a course text because it does little to address the mathematical basis of risk, does not provide much guidance on how to creatively reason about answer to risk questions, and doesn’t talk much about the more fundamental issues shaping risk communication (e.g., perception issues).  My stated goal, after all, is to build risk literacy and risk intuition.  However, this book really nails down how risk management is done in practice, to include what types of threats to look at, how to structure a site visit, how to construct a risk assessment report, etc.  So, at best this book is complementary to the materials of my course.  I highly recommend it to anyone wishing to learn more about how risk assessment is really done (but I must caveat that I do not necessarily endorse the way things are being done now as the way things should be done).

Consistent with one of my proposed changes for SRA 311 this semester, I introduced into today’s lecture several low stakes mini quizzes.  The first was a question about the definition of risk taken directly from the study guide for the Physical Security Professional (PSP) credential from the American Society for Industrial Security.  The second question related to the six questions of risk, and was taken from the Certified Information Systems Security Professional (CISSP) study guide by Shon Harris (6th edition, ISBN: 978-0-07-149786-2).  I think I will continue this trend into the semester.

The remainder of the course focused on some pretty basic concepts of risk, in particular:

• What is security?
• What is risk management for?
• What is a security context and why is it important?
• The Six Questions of Risk
• The risk triplet and the quantitative meaning of risk (or rather, mathematical phrasing of risk)
• Scoping a risk study (STEM+VR)

With some review and reflection, I think the students should now be able to at least articulate what a risk study is supposed to do.  In the latter part of next week we will start talking about what answers to the six questions of risk should look like.  But first we need to better understand the nature of uncertainty and ignorance, which is the theme of the next lecture.

Oh, and next time starts my weekly quizzes (of which there are 14 this semester).  The topic: words, definitions, questions, and scoping.  I am also having the students read a pretty good article “An Introduction to the Concept and Management of Risk” by James Matschulat (an adjunct faculty member in the criminal justice department at the University of New Hampshire).  This [really good] article is part of an edited volume entitled National Security Issues in Science, Law and Technology (2007, CRC Press, ISBN: 1-57444-908-7).

Send article as PDF to