If you are eating right now and have a bit of a delicate soul, you'd better save
this blog for after dinner. It has an, uh, sanitary approach. I try to keep it
as neat as possible.
About five years ago, Dutch comedian Kasper van der Laan appeared on a couple of TV
shows. He made an interesting suggestion there to save toilet paper.
When you wipe your bottom, you continue until you see a clean piece of paper,
that's how his argument begins. But, according to Van der Laan, then your
buttocks were already clean. You could have stopped one wiping round earlier.
The big question now is: do you dare to gamble on it? Like, “I think I’m done here,”
in the comedian's words. Do you remember the sudden, unfounded fear that toilet
paper would run out during the covid pandemic? Perhaps there were more people
then who put Van der Laan's thought experiment into practice.
Using toilet paper is – if I'm being a bit broad – a kind of security measure. It
protects you from skid marks, skin irritation and unpleasant odors. This
immediately raises the question of how other animal species deal with this,
especially with the second risk (the first does not apply and they will not
have to deal with the third as much). But come on, let me not digress. What Van
der Laan did here was a genuine risk analysis. And in view of the summer
holidays, in which many people have to go to a camping toilet, whether pleasant
or not, with a roll of toilet paper under their arm, and others will encounter
hotel paper in various qualities, it is urgent to work this out in more detail.
The basic formula for risk analyses is: risk = likelihood × impact. In this toilet
case we play with likelihood: if you keep going until you produce a clean piece
of paper, the likelihood of skid marks is practically zero. If you put the idea
described above into practice, the likelihood will always be greater than zero.
But how much greater? That's difficult to determine, because you have to deal
with another variable: the, er, output. If it were always of the same quality,
you would know after a few swipes: after so many swipes it's done, so I can
switch to that many swipes minus one. But we all know that our biological
output can vary over time. For example, because of what you have eaten, because
of a different climate or because you are ill or nervous. The chance of an
incorrect assessment, and therefore also the chance that the risk will become reality,
is variable.
Estimating the probability of an event which damages information security is in itself
difficult. We usually do a qualitative risk analysis, which means we use terms
such as low, medium and high. The counterpart is quantitative risk analysis,
which involves calculating with numbers - for example with statistical data for
the likelihood and with amounts for the damage. In all these analyses, the
probability is not a fixed factor, nor is it in the sanitary example. However,
most of the time we pretend that this is the case. And I don't think that
should be a problem with quantitative analyses, because the necessary margin is
already built into the terms used such as high and low.
However, if you are in a situation where the odds can go either way, you will have to
assume the worst case. This may mean that the measures you take to deal with the
risk are 'too good' some of the time. After all, we do not strive for maximum,
but for optimal security – not too little, but also not too much. If you are
allowed to drive 30 km/h somewhere because of road works, that is fine, but if
no one is working at that moment, that measure feels unnecessarily strict.
What to do? Do you tailor your measures to what the average is? Then you run the risk
that the measures are too weak at times. How bad that is depends on the impact
it may have. If the expected impact is acceptable, then you can do with a bit
less. But if that temporary speed limit is not only there to protect road
workers, but also because there is a large hole in the road, things are
different.
In Japan they have toilets that make toilet paper redundant. You will be sprayed
clean and blown dry from within the bowl. And sometimes you can even play a
sound via the control panel to disguise certain typical bathroom sounds. They
have taken all risks into account and implemented smart measures.
The Security (b)log will return after the summer holidays.
And in the big bad world...
- there is currently (Friday) a worldwide computer outage due to an incorrect update from a security company.
- there are also problems in the Microsoft cloud.
- it is a bad idea to connect a traffic light to the internet without security.
- the Trump shooter's phone was cracked within 40 minutes.
- we now know which phones Cellebrite can crack.
- the US Postal Service shared their customers' addresses with advertising and tech companies.
- the Dutch Data Protection Authority foresees a rat race around artificial intelligence. [DUTCH]
- a mistake of € 29,000 to your disadvantage will be corrected. [DUTCH]
- you also need to have your security in order if your name is Hackney (which, to Dutch people, sounds a bit like “don’t hack”).
- many Dutch government domains are still insufficiently secure. [DUTCH]