« Your Risk Swamp | Main | Third-Party Measurement »

May 18, 2007

Comments

Iang (Risk Management's Waterloo?)

My guess is that most people just don't believe the numbers.

When I hear a number that says "5% of all people have been phished" or "40% of users don't notice the lock icon is not there" I am skeptical.

What I've noticed is that when "experts" present numbers authoritively, and those numbers are untrustworthy, people smile and say "ok". They may even repeat the numbers if they need to, but that doesn't mean they believe or act on them.

The days are gone where people just believe stats, especially security numbers. But also gone are the days where people are forced to actually back up their numbers. I'm not sure how to improve on that situation.....

(manual ping to Is this Risk Management's Waterloo? )

The comments to this entry are closed.

My Photo

Risk Reading

Blog powered by Typepad