The Awareness Pseudoscience

Moving from benchmarking to baselining.


By Eh’den Biber


Trying to figure out the level of awareness to information security within an organisation is a taunting task. Throughout the years I’ve seen multiple attempts to deliver effective metrics and frankly – most of them sucked, big time, including the ones I came up with. Retrospectively I can humbly say – especially the ones I’ve chosen.

The difficulty arises from the simple fact that most of the information security professionals who are assigned to deliver such task have no clue what awareness is. We (humans) think we know what awareness is, but since our experience is subjective we don’t have a clue what it actually means. Awareness, or the nature of consciousness which is aware of itself is beyond the scope of this article. I’ve written a series of articles about it (the desolation of awareness) and I invite you to read them, rather than repeat segments of it.

Continue reading

The Metrics

The Metrics

What does a mass murderer has to do with information security metrics?

By Eh’den (Uri) Biber, CISM/CISSP/CISA/CRISC, member of the NeuroLeadership Institute.

A few days ago, on the 13th of December 2011 Belgians were shocked to discover that in Liege a gunman had killed 5 people and injured scores of people.

To anyone who don’t know where Belgium is, or where Liege is – I’ve enclose below a map. If you can’t even identify Belgium in the small map I suggest to search for it – it might be small in size, but it compensate with its beer and chocolates.  Liege is located about 60 miles or 90km to the east of the capital, Brussels. Continue reading