Archive for the ‘X Prize’ category

Response to InfoSec X Prize Part 1

March 4, 2009

So I’ve been quite amazed by the amount of discussion and feedback I have received from colleagues and peers on my original post on creating fundamental change through competition. I will be posting some of the written replies that I received and which people have kindly consented to having me post.

Here is a response sent to me by my friend Olav Opedal with Microsoft’s Information Security group:

I believe the change has already happened, but you haven’t seen much of it translated into off-the-shelf products. The change that I see is based on the use of applied mathematical solutions found in other science branches, such as using power-law distributions describing social networks to define who should have access to what, along with physics heat models applied to network traffic. With this, I mean using real-time multi-dimensional analysis of network traffic, user actions, content and context of transmissions, etc. to determine a probability of appropriateness of the actions. In other words, using mathematical models to find the change point as soon as possible, and discard anomalies that have little effect on the CIA triangle. One thing that is clear is that information must be given an economic value to enable a decision point to be set for action versus inaction.

So does all information need to be given economic value? If so, can all information be given economic value? This is an interesting train of thought to follow.

- Akshay


The InfoSec X Prize: Fundamental Change Through Competition

January 22, 2009

Today I had a thought-provoking conversation with Dr. Peter Diamandis, Chairman and CEO of Zero Gravity Corporation & X Prize Foundation, on radical & fundamental change. Change that advances the status quo rather than relying on incremental change for gradual advance.

Arguably the Ansari X Prize (and others in the hopper) have achieved some breakthrough successes. The most notable achievements of the X Prize are:

  • Achieving fundamental advancement in technology using competition driven philanthropy
  • High rate of investment with respect to prize money. An example Diamandis provided was $100 million invested in the Ansari X Prize for a $10 million prize
  • Booster to commercial adoption resulting from the advancement made. An example is the rapid kick-start of transatlantic commercial air services after Lindbergh’s successful attempt at the Orteig Prize in 1927

Now this brings me to a theme of recurrent conversation between my friend Eric Rachner and me. It is my belief that there has not been a fundamental change in the field of information security in the last decade. Sure, things have become better, people are more aware, tools are easier & more reliable & dozens of new vulnerabilities are being found every day. A thinking practitioner of the craft will reflect and agree that though there have been several neat innovations like the vulnerability marketplace, security development lifecycle etc., most of the effort is spent chasing technical bits & bytes issues. Once, as we walked over to get dinner, Microsoft’s InfoSec Director Chris H. expressed this sentiment concisely for me, “Organizations have to constantly fight to demonstrate minuscule changes in their risk meter.”

So I got to thinking, what would constitute a fundamental change in infosec? Something worthy of an X Prize (or a mini version of the X Prize for the sake of argument). Before I go into my idea, let me qualify that security being a state of a system, a conversation about it would be incomplete without defining the system. “Achieving security” is like aspiring to a noun. So here is my first stab at a problem worthy of the InfoSec X Prize:

To win the InfoSec X Prize a team must successfully create a system that will, in real time, analyze security alerts from the world’s largest internet retailer and take corrective response with an accuracy rate of 99% when compared to 10 man-years of manual analysis by InfoSec experts.

I will be coming up with additional X Prize ideas and posting them periodically. I would be very interested in knowing what solution you consider worthy of such a prize. Drop me a note and remember that the following constraints would apply to the solution worthy of the InfoSec X Prize:

  • Must be achievable within 5-8 years of the X Prize being instituted
  • Non-government/private organizations should be able to develop the solution
  • Solution should represent a revolutionary change in the field of information security

- Akshay

