Taxonomy of technological risks: when things fail badly

Cory Doctorow at 7:10 am Wed, Aug 10, 2011

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 


"A Taxonomy of Operational Cyber Security Risks" by CMU's James J. Cebula and Lisa R. Young is a year-old paper that attempts to classify all the ways that technology can go wrong, and the vulnerabilities that ensue. Fascinating reading, a great primer on technology and security, and as a bonus, there's a half-dozen science fiction/technothriller plots lurking on every page.
This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method.
A Taxonomy of Operational Cyber Security Risks (PDF)


  • KBert

    Or excuse creator; let’s see, where do I point the finger this time?

  • http://www.facebook.com/tillwe Till Westermayer

    It’s missing “5. Failure modes that are not in this table”

    • AnthonyC

      Watch your self-reference, there.
      2 possibilities.
      1) There are no such failure modes, in which case there is no reason to include point 5.
      2) There are failure modes not found in 1-4. In this case 5. means these failure modes *are* on the table, in 5. So again, 5. indicates an empty set.

      Maybe you should say “5. Other failure modes.” instead.

  • http://www.matthewpetty.com/ Matthew Petty

    This table could apply to most kinds of system. Mitigations should cover everything here, plus everything in 5 (as mentioned above).

  • http://www.facebook.com/people/Pishabh-Badmaash/100000345226234 Pishabh Badmaash

    Where do premonitions fit into this taxonomy!

  • lknope

    On the human side:  what is the difference between a mistake and an error?

    • Little John

      An error is when you leave something out. A mistake is when you forget to include it.

      I hope this clarifies all of 1.1 for you.

      :-P

      • lknope

        On the contrary:

        If that is the case, what is the difference between a mistake and an omission?

        • gd23

          1.1.1 mistake—individual with knowledge of the correct procedure accidentally taking incorrect action
          1.1.2 error—individual without knowledge of the correct procedure taking incorrect action
          1.1.3 omission—individual not taking a known correct action often due to hasty performance of a procedure

          I wonder what failure to RTFM falls under.

  • erin jones

    Hmm, I had a science teacher in 7th grade who was fond of peppering us with his favorite koan-like aphorisms. If a kid questioned an equation or something on the board, Mr. Archer would run through the exact steps that one takes to arrive at the equation. Or he would list the history of the evolution of the topic in question, all at the speed of a machine gun wielded by a soldier who really knows how to use his gun, firing in controlled bursts. Then he would conclude with “My mistake, your error.”

    We all loved him very much (including the jocks who hated every teacher) and feared him as well. Actually, it’s more accurate to say that we were in awe of him. In other words, he was an excellent teacher. He was a phenomenal man: 4′ 10” on a good day and he wore lifts and Cuban Heels (with a lab coat), quite the dandy, he sported a 17th century Dutch small spade beard and luxurious, auburn, highly waxed moustaches. He also had a blazing, desiccate wit. His phrase puzzles me to this day. What on earth was he trying to say?

    (edit: I think perhaps Little John’s offering helps me a bit.)