My PhD thesis has been printed. A preview of the cover and a preview of the first 11 pages are available.
January 2007 Archives
Over the last couple of days, I have been having some discussions with colleagues about questions such as "What is an incident?" and "When is an incident a security incident?"
We came up with the following set of rules of thumb:
1. If you know or suspect that the incident was caused intentionally, it is a security incident.
2. If you know or suspect that the incident affects your countermeasures or security control systems, it is a security incident.
3. If you know or suspect that the incident constitutes a breach of compliance (e.g., a criminal act or a breach of corporate security policy, standards, guidelines or procedures), it is a security incident.
4. And finally, since the customer is always right, when a customer or other relevant party requests that the incident be handled as a security incident, it is to be treated as such.
While these guidelines can be useful in narrowing the focus of an incident to a security incident, they still have not answered the question of what an incident really is.
Steve's post prompted me to look back at my first ever Amazon order:
October 12, 1998; a whole bunch of Dungeons and Dragons stuff. Ah; the first year after I graduated from college and had some money to spend :)
What was your first Amazon.com order? Log in, check Your Account > View your digital orders > recent orders and choose the oldest year from the drop-down menu in the middle.
The proofs for my PhD thesis are ready, which means that the book will be printed this week. If you are interested in my research and if you would like a copy of the book, please let me know and I will put you on the list.