{"id":136,"date":"2011-02-14T20:00:28","date_gmt":"2011-02-15T01:00:28","guid":{"rendered":"http:\/\/rud.is\/b\/?p=136"},"modified":"2017-03-27T08:59:57","modified_gmt":"2017-03-27T13:59:57","slug":"metricon-verification-versus-validation","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/","title":{"rendered":"Metricon: Verification versus Validation"},"content":{"rendered":"<p>Speaker:\u00a0Jennifer Bayuk<\/p>\n<p>\u00a0<\/p>\n<p>Based on work for Stevens Institute of Technology.<\/p>\n<p>How do professional systems engineers work?<\/p>\n<p>History:<\/p>\n<ol>\n<li>Mainframe<\/li>\n<li>physical security (punch cards)<\/li>\n<li>cables to terminals<\/li>\n<li>network to workstations (some data moves there &amp; on floppies) *spike in misuse &amp; abuse<\/li>\n<li>modems and dedicated links to external providers\/partners<\/li>\n<li>added midrange servers (including e-mail)<\/li>\n<li>added dial-back procedures to modem<\/li>\n<li>e-mail &amp; other issues begat firewalls<\/li>\n<li>firewalls begat the &#8220;port 80&#8221; problem<\/li>\n<li>modems expanded to the remote access issue<\/li>\n<li>remote access issue begat multi-factor auth<\/li>\n<li>then an explosion of midrange begat more malware<\/li>\n<li>internal infestation from web sites &amp; more e-mail<\/li>\n<li>added proxy servers<\/li>\n<li>made anti-virus ubiquitous<\/li>\n<li>kicked in SSL on web servers that now host critical biz apps<\/li>\n<li>(VPN sneaks in for vendors &amp; remote access)<\/li>\n<li>more customers begat identity management<\/li>\n<li>increasing attacks begat IDS<\/li>\n<li>formalized &#8220;policies&#8221; in technical security enforcement devices<\/li>\n<li>now we have data &amp; access everywhere, begets log management<\/li>\n<li>data loss begat disk encryption on servers &amp; workstations<\/li>\n<li>increasingly common app vulns begat WAFs<\/li>\n<\/ol>\n<p>\u00a0<\/p>\n<p>Reference: Stevens Inst. &#8220;systems thinking&#8221;<\/p>\n<p>Use systemogram to show what systems are supposed to do (very cool visualization for differing views of &#8220;security systems thinking&#8221;)<\/p>\n<p>applied that systemogram model to a real world example of Steven&#8217;s school computer lab<\/p>\n<p>\u00a0<\/p>\n<p>Shows the &#8220;Vee Model&#8221; (her diagram is more thorough &#8211; GET THE PRESENTATION)<\/p>\n<p>\u00a0<\/p>\n<p><div style=\"text-align: center; padding-bottom: 10px;\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg?w=510&#038;ssl=1\" alt=\"\" \/><\/p>\n<div style=\"text-align: center; padding-bottom: 10px;\"><\/div>\n<\/div>\n<p>Advantages of this approach include:<\/p>\n<ul>\n<li>Manage complexity<\/li>\n<li>Top-down requirements tracing<\/li>\n<li>Black box modeling<\/li>\n<li>Logical flow analysis<\/li>\n<li>Documentation<\/li>\n<li>Peer review<\/li>\n<li>Detailed Communication<\/li>\n<\/ul>\n<p>Must advance and move beyond threat-&gt;countermeasure insidious cycle.<\/p>\n<p>\u00a0<\/p>\n<p>Traditional requirements process involves gathering functional requirements, interface definition and system-wide &#8220;ilities&#8221; &#8211; need to get it in before the interface level (high-level &#8220;black box&#8221;)<\/p>\n<p>The major vulnerabilities are at the functional decompositional level<\/p>\n<p>Many security vulns are introduced at the interface level as well<\/p>\n<p>Unfortunately, it&#8217;s usually put at the system-wide level (as they do with availability ,etc)<\/p>\n<p>\u00a0<\/p>\n<p>What Do Security Requiremens Look Like Today?<\/p>\n<ul>\n<li>Functional &#8211; what is necessary for mission assurance<\/li>\n<li>Nonfunctional: what is necessary for system survival<\/li>\n<li>V&amp;V: what is necessary to ensure requirements are met<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>V&amp;V: Verification: did we build it right? Validation: was it built right? (akin to correctness &amp; effectiveness)<\/p>\n<p>There are more similarities than system architects really want to believe or understand.<\/p>\n<p>\u00a0<\/p>\n<blockquote>\n<p>Much of security metrics are really verification vs validation<\/p>\n<\/blockquote>\n<p>\u00a0<\/p>\n<p>Validation Criteria<\/p>\n<ul>\n<li>content <\/li>\n<li>face<\/li>\n<li>criterion<\/li>\n<li>construct<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Speaker:\u00a0Jennifer Bayuk \u00a0 Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: Mainframe physical security (punch cards) cables to terminals network to workstations (some data moves there &amp; on floppies) *spike in misuse &amp; abuse modems and dedicated links to external providers\/partners added midrange servers (including e-mail) added dial-back [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3,47,4],"tags":[241,237,242,243,236,207,235,240,239,238],"class_list":["post-136","post","type-post","status-publish","format-standard","hentry","category-information-security","category-metrics","category-risk","tag-clinical-research","tag-jennifer-bayuk","tag-pharmaceutical-industry","tag-quality","tag-security-systems","tag-speaker","tag-stevens-institute-of-technology","tag-systems-engineering","tag-validation","tag-vee-model"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Metricon: Verification versus Validation - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Metricon: Verification versus Validation - rud.is\" \/>\n<meta property=\"og:description\" content=\"Speaker:\u00a0Jennifer Bayuk \u00a0 Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: Mainframe physical security (punch cards) cables to terminals network to workstations (some data moves there &amp; on floppies) *spike in misuse &amp; abuse modems and dedicated links to external providers\/partners added midrange servers (including e-mail) added dial-back [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-02-15T01:00:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-27T13:59:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Metricon: Verification versus Validation\",\"datePublished\":\"2011-02-15T01:00:28+00:00\",\"dateModified\":\"2017-03-27T13:59:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/\"},\"wordCount\":394,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2011\\\/02\\\/vee.jpg\",\"keywords\":[\"Clinical research\",\"Jennifer Bayuk\",\"Pharmaceutical industry\",\"Quality\",\"security systems\",\"Speaker\",\"Stevens Institute of Technology\",\"Systems engineering\",\"Validation\",\"Vee Model\"],\"articleSection\":[\"Information Security\",\"Metrics\",\"Risk\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/\",\"name\":\"Metricon: Verification versus Validation - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2011\\\/02\\\/vee.jpg\",\"datePublished\":\"2011-02-15T01:00:28+00:00\",\"dateModified\":\"2017-03-27T13:59:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2011\\\/02\\\/vee.jpg?fit=468%2C235&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2011\\\/02\\\/vee.jpg?fit=468%2C235&ssl=1\",\"width\":\"468\",\"height\":\"235\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-verification-versus-validation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Metricon: Verification versus Validation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Metricon: Verification versus Validation - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/","og_locale":"en_US","og_type":"article","og_title":"Metricon: Verification versus Validation - rud.is","og_description":"Speaker:\u00a0Jennifer Bayuk \u00a0 Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: Mainframe physical security (punch cards) cables to terminals network to workstations (some data moves there &amp; on floppies) *spike in misuse &amp; abuse modems and dedicated links to external providers\/partners added midrange servers (including e-mail) added dial-back [&hellip;]","og_url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/","og_site_name":"rud.is","article_published_time":"2011-02-15T01:00:28+00:00","article_modified_time":"2017-03-27T13:59:57+00:00","og_image":[{"url":"https:\/\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg","type":"","width":"","height":""}],"author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Metricon: Verification versus Validation","datePublished":"2011-02-15T01:00:28+00:00","dateModified":"2017-03-27T13:59:57+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/"},"wordCount":394,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"image":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg","keywords":["Clinical research","Jennifer Bayuk","Pharmaceutical industry","Quality","security systems","Speaker","Stevens Institute of Technology","Systems engineering","Validation","Vee Model"],"articleSection":["Information Security","Metrics","Risk"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/","url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/","name":"Metricon: Verification versus Validation - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#primaryimage"},"image":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg","datePublished":"2011-02-15T01:00:28+00:00","dateModified":"2017-03-27T13:59:57+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#primaryimage","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg?fit=468%2C235&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2011\/02\/vee.jpg?fit=468%2C235&ssl=1","width":"468","height":"235"},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Metricon: Verification versus Validation"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-2c","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":12412,"url":"https:\/\/rud.is\/b\/2019\/07\/15\/quick-hit-a-different-diminutive-look-at-distributions-with-ggeconodist\/","url_meta":{"origin":136,"position":0},"title":"Quick Hit: A Different (Diminutive) Look At Distributions With {ggeconodist}","author":"hrbrmstr","date":"2019-07-15","format":false,"excerpt":"Despite being a full-on denizen of all things digital I receive a fair number of dead-tree print magazines as there's nothing quite like seeing an amazing, large, full-color print data-driven visualization up close and personal. I also like supporting data journalism through the subscriptions since without cash we will only\u2026","rel":"","context":"In &quot;R&quot;","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/07\/gm-1.png?fit=600%2C700&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/07\/gm-1.png?fit=600%2C700&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/07\/gm-1.png?fit=600%2C700&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":6351,"url":"https:\/\/rud.is\/b\/2017\/09\/17\/armchair-quarterbacking-systemic-organization-and-industry-failures\/","url_meta":{"origin":136,"position":1},"title":"Armchair Quarterbacking Systemic Organization and Industry Failures","author":"hrbrmstr","date":"2017-09-17","format":false,"excerpt":"insert(post, \"{ 'standard_disclaimer' : 'My opinion, not my employer\\'s' }\") This is a post about the fictional company FredCo. If the context or details presented by the post seem familiar, it's purely coincidental. This is, again, a fictional story. Let's say FredCo had a pretty big breach that (fictionally) garnered\u2026","rel":"","context":"In &quot;Cybersecurity&quot;","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12225,"url":"https:\/\/rud.is\/b\/2019\/05\/26\/two-new-ways-to-make-dns-over-https-queries-in-r\/","url_meta":{"origin":136,"position":2},"title":"Two New Ways to Make DNS over HTTPS Queries in R","author":"hrbrmstr","date":"2019-05-26","format":false,"excerpt":"A fair bit of time ago the {gdns} package made its way to CRAN to give R users the ability to use Google's (at that time) nascent support for DNS over HTTPS (DoH). A bit later on Cloudflare also provided a global DoH endpoint and that begat the (not-on-CRAN) {dnsflare}\u2026","rel":"","context":"In &quot;DNS&quot;","block_context":{"text":"DNS","link":"https:\/\/rud.is\/b\/category\/dns\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7051,"url":"https:\/\/rud.is\/b\/2017\/11\/11\/measuring-monitoring-internet-speed-with-r\/","url_meta":{"origin":136,"position":3},"title":"Measuring &#038; Monitoring Internet Speed with R","author":"hrbrmstr","date":"2017-11-11","format":false,"excerpt":"Working remotely has many benefits, but if you work remotely in an area like, say, rural Maine, one of those benefits is not massively speedy internet connections. Being able to go fast and furious on the internet is one of the many things I miss about our time in Seattle\u2026","rel":"","context":"In &quot;R&quot;","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/11\/spdtst.gif?fit=1200%2C647&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/11\/spdtst.gif?fit=1200%2C647&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/11\/spdtst.gif?fit=1200%2C647&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/11\/spdtst.gif?fit=1200%2C647&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/11\/spdtst.gif?fit=1200%2C647&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":298,"url":"https:\/\/rud.is\/b\/2011\/03\/07\/behind-the-mask-supporting-the-new-cio-personas\/","url_meta":{"origin":136,"position":4},"title":"Behind The Mask : Supporting The New CIO Personas","author":"hrbrmstr","date":"2011-03-07","format":false,"excerpt":"This morning, @joshcorman linked to an article in the Harvard Business Review \"The Conversation\" blog that put forth the author's view of The Four Personas of the Next-Genereation CIO. The term persona is very Jungian and literally refers to \"masks worn by a mime\". According to Jung, the persona \"enables\u2026","rel":"","context":"In &quot;Compliance&quot;","block_context":{"text":"Compliance","link":"https:\/\/rud.is\/b\/category\/compliance\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2225,"url":"https:\/\/rud.is\/b\/2013\/03\/03\/security-hobos\/","url_meta":{"origin":136,"position":5},"title":"Security Hobos","author":"hrbrmstr","date":"2013-03-03","format":false,"excerpt":"If you haven't viewed\/read Wendy Nather's (@451Wendy) insightful [Living Below The Security Poverty Line](https:\/\/451research.com\/t1r-insight-living-below-the-security-poverty-line) you really need to do that before continuing (we'll still be here when you get back). Unfortunately, the catalyst for this post came from two recent, real-world events: my returned exposure to the apparent ever-increasing homeless\u2026","rel":"","context":"In &quot;Breach&quot;","block_context":{"text":"Breach","link":"https:\/\/rud.is\/b\/category\/breach\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=136"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/136\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}