Firewall Wizards mailing list archives
Re: Re: Flawed Surveys [was: VPN endpoints]
From: "Bruce B. Platt" <bruce () ei3 com>
Date: Wed, 01 Sep 2004 17:22:06 -0400
Tina Bird wrote:
I left a long passage from your post so I can point out that a respected method of research is in the use of "unobtrusive measures". One measures the popularity of a museum exhibit not by counting the people who walk in to stand in front of it, but rather by measuring the wear in the floor (or floor covering) caused by the visitors and then measuring that against a known scale of wear tendencies.It's not science, but I'm not sure that matters. What I'm hearing is: - "people" are curious about "other people's" attitudes toward security (where "people" and "other people" are deliberately vaguely defined) - "people" think that asking questions and collecting answers is a good way to collect information about the question --> so it comes down to, what is the question we're investigating, and do we agree that collecting the answers to the question from a self-selected (and difficult to externally validate) set of respondents is a good way to investigate? It's not science, although it shows glimmers of being rational :-) Although I think I am with Marcus on this one -- after all, is asking one's partner "Do you love me?" a good way to answer the question? Or do you get more reliable data by collecting it in other ways? All of the data you collect is interesting, but it is more or less useful, depending...
Researchers adopted these sorts of measures from a knowledge that measuring can influence that which is being measured.
How appropriate for this thread. Who wants to admit in a survey that they aren't doing what is needed to stay secure?
Referring to your blaster comments, why don't we just start plotting reverse lookups of probes from infected outward-facing machines, or spewers of virus laden mail and then use that data to create a db of "insecure" organizations. (ad hoc definition of an insecure organization.)
Take that, then survey executives from those firms and other firms with small numbers of outward-directed probes or virus transmissions. There is an operational definition of insecurity stated above which can be compared to survey results. Perhaps this gets around the self-selected issue as well as some others.
rgds, b _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: VPN endpoints, (continued)
- Re: VPN endpoints Paul D. Robertson (Sep 01)
- Re: Flawed Surveys [was: VPN endpoints] Marcus J. Ranum (Sep 01)
- Re: Flawed Surveys [was: VPN endpoints] Paul D. Robertson (Sep 01)
- Re: Flawed Surveys [was: VPN endpoints] Marcus J. Ranum (Sep 01)
- Re: Flawed Surveys [was: VPN endpoints] Paul D. Robertson (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Christopher Hicks (Sep 01)
- Re: Flawed Surveys [was: VPN endpoints] Marcus J. Ranum (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Bruce B. Platt (Sep 01)
- RE: Re: Flawed Surveys [was: VPN endpoints] Tina Bird (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Bruce B. Platt (Sep 01)
- RE: Re: Flawed Surveys [was: VPN endpoints] Tina Bird (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Bruce B. Platt (Sep 01)
- Wired article on the scientific method Tina Bird (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Paul D. Robertson (Sep 01)
- Re: VPN endpoints Paul D. Robertson (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Crispin Cowan (Sep 01)
- Re: Re: Flawed Surveys [was: VPN endpoints] Adam Shostack (Sep 03)