Schneier | Carry On | Book | 978-1-118-79081-6 | sack.de

Book, English, 384 pages, format (W × H): 160 mm x 235 mm, weight: 644 g

Schneier

Carry On

Sound Advice from Schneier on Security
1st edition 2014
ISBN: 978-1-118-79081-6
Publisher: Wiley


Up-to-the-minute observations from a world-famous security expert

Bruce Schneier is known worldwide as the foremost authority and commentator on every security issue from cyber-terrorism to airport surveillance. This groundbreaking book features more than 160 commentaries on recent events including the Boston Marathon bombing, the NSA's ubiquitous surveillance programs, Chinese cyber-attacks, the privacy of cloud computing, and how to hack the Papal election. Timely as an Internet news report and always insightful, Schneier explains, debunks, and draws lessons from current events that are valuable for security experts and ordinary citizens alike.
* Bruce Schneier's worldwide reputation as a security guru has earned him more than 250,000 loyal blog and newsletter readers
* This anthology offers Schneier's observations on some of the most timely security issues of our day, including the Boston Marathon bombing, the NSA's Internet surveillance, ongoing aviation security issues, and Chinese cyber-attacks
* It features the author's unique take on issues involving crime, terrorism, spying, privacy, voting, security policy and law, travel security, the psychology and economics of security, and much more
* Previous Schneier books have sold over 500,000 copies

Carry On: Sound Advice from Schneier on Security is packed with information and ideas that are of interest to anyone living in today's insecure world.

Authors/Editors


Further Information & Material


Introduction xv

1 The Business and Economics of Security 1

Consolidation: Plague or Progress 1

Prediction: RSA Conference Will Shrink Like a Punctured Balloon 2

How to Sell Security 4

Why People Are Willing to Take Risks 4

How to Sell Security 6

Why Do We Accept Signatures by Fax? 7

The Pros and Cons of LifeLock 9

The Problem Is Information Insecurity 12

Security ROI: Fact or Fiction? 14

The Data Imperative 15

Caveat Emptor 16

Social Networking Risks 17

Do You Know Where Your Data Are? 18

Be Careful When You Come to Put Your Trust in the Clouds 21

Is Perfect Access Control Possible? 22

News Media Strategies for Survival for Journalists 24

Security and Function Creep 26

Weighing the Risk of Hiring Hackers 27

Should Enterprises Give In to IT Consumerization at the Expense of Security? 29

The Vulnerabilities Market and the Future of Security 30

So You Want to Be a Security Expert 33

When It Comes to Security, We're Back to Feudalism 34

I Pledge Allegiance to the United States of Convenience 35

The Good, the Bad, and the Ugly 36

You Have No Control Over Security on the Feudal Internet 37

2 Crime, Terrorism, Spying, and War 41

America's Dilemma: Close Security Holes, or Exploit Them Ourselves 41

Are Photographers Really a Threat? 43

CCTV Doesn't Keep Us Safe, Yet the Cameras Are Everywhere 45

Chinese Cyberattacks: Myth or Menace? 47

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages 48

How to Create the Perfect Fake Identity 51

A Fetishistic Approach to Security Is a Perverse Way to Keep Us Safe 52

The Seven Habits of Highly Ineffective Terrorists 54

Why Society Should Pay the True Costs of Security 56

Why Technology Won't Prevent Identity Theft 58

Terrorists May Use Google Earth, but Fear Is No Reason to Ban It 60

Thwarting an Internal Hacker 62

An Enterprising Criminal Has Spotted a Gap in the Market 65

We Shouldn't Poison Our Minds with Fear of Bioterrorism 66

Raising the Cost of Paperwork Errors Will Improve Accuracy 68

So-Called Cyberattack Was Overblown 70

Why Framing Your Enemies Is Now Virtually Child's Play 72

Beyond Security Theater 73

Feeling and Reality 74

Refuse to Be Terrorized 76

Cold War Encryption Is Unrealistic in Today's Trenches 77

Profiling Makes Us Less Safe 80

Fixing Intelligence Failures 81

Spy Cameras Won't Make Us Safer 82

Scanners, Sensors Are Wrong Way to Secure the Subway 84

Preventing Terrorist Attacks in Crowded Areas 86

Where Are All the Terrorist Attacks? 87

Hard to Pull Off 88

Few Terrorists 88

Small Attacks Aren't Enough 89

Worst-Case Thinking Makes Us Nuts, Not Safe 89

Threat of "Cyberwar" Has Been Hugely Hyped 92

Cyberwar and the Future of Cyber Conflict 94

Why Terror Alert Codes Never Made Sense 96

Debate Club: An International Cyberwar Treaty Is the Only Way to Stem the Threat 97

Overreaction and Overly Specific Reactions to Rare Risks 99

Militarizing Cyberspace Will Do More Harm Than Good 101

Rhetoric of Cyber War Breeds Fear--and More Cyber War 103

Attacks from China 103

GhostNet 104

Profitable 105

The Boston Marathon Bombing: Keep Calm and Carry On 105

Why FBI and CIA Didn't Connect the Dots 107

The FBI's New Wiretapping Plan Is Great News for Criminals 109

US Offensive Cyberwar Policy 112

3 Human Aspects of Security 117

Secret Questions Blow a Hole in Security 117

When You Lose a Piece of Kit, the Real Loss Is the Data It Contains 118

The Kindness of Strangers 120

Blaming the User Is Easy--But It's Better to Bypass Them Altogether 122

The Value of Self-Enforcing Protocols 123

Reputation Is Everything in IT Security 125

When to Change Passwords 127

The Big Idea: Bruce Schneier 129

High-Tech Cheats in a World of Trust 131

Detecting Cheaters 134

Lance Armstrong and the Prisoner's Dilemma of Doping in Professional Sports 137

The Doping Arms Race as Prisoner's Dilemma 138

The Ever-Evolving Problem 139

Testing and Enforcing 140

Trust and Society 141

How Secure Is the Papal Election? 143

The Court of Public Opinion 147

On Security Awareness Training 150

Our New Regimes of Trust 152

4 Privacy and Surveillance 155

The Myth of the "Transparent Society" 155

Our Data, Ourselves 157

The Future of Ephemeral Conversation 158

How to Prevent Digital Snooping 160

Architecture of Privacy 162

Privacy in the Age of Persistence 164

Should We Have an Expectation of Online Privacy? 167

Offhand but On Record 168

Google's and Facebook's Privacy Illusion 171

The Internet: Anonymous Forever 173

A Taxonomy of Social Networking Data 175

The Difficulty of Surveillance Crowdsourcing 177

The Internet Is a Surveillance State 179

Surveillance and the Internet of Things 181

Government Secrets and the Need for Whistleblowers 184

Before Prosecuting, Investigate the Government 187

5 Psychology of Security 189

The Security Mindset 189

The Difference between Feeling and Reality in Security 191

How the Human Brain Buys Security 194

Does Risk Management Make Sense? 195

How the Great Conficker Panic Hacked into Human Credulity 197

How Science Fiction Writers Can Help, or Hurt, Homeland Security 198

Privacy Salience and Social Networking Sites 201

Security, Group Size, and the Human Brain 203

People Understand Risks--But Do Security Staff Understand People? 205

Nature's Fears Extend to Online Behavior 206

6 Security and Technology 209

The Ethics of Vulnerability Research 209

I've Seen the Future, and It Has a Kill Switch 211

Software Makers Should Take Responsibility 212

Lesson from the DNS Bug: Patching Isn't Enough 214

Why Being Open about Security Makes Us All Safer in the Long Run 216

Boston Court's Meddling with "Full Disclosure" Is Unwelcome 218

Quantum Cryptography: As Awesome as It Is Pointless 220

Passwords Are Not Broken, but How We Choose Them Sure Is 222

America's Next Top Hash Function Begins 223

Tigers Use Scent, Birds Use Calls--Biometrics Are Just Animal Instinct 225

The Secret Question Is: Why Do IT Systems Use Insecure Passwords? 227

The Pros and Cons of Password Masking 229

Technology Shouldn't Give Big Brother a Head Start 231

Lockpicking and the Internet 233

The Battle Is On against Facebook and Co. to Regain Control of Our Files 235

The Difficulty of Un-Authentication 237

Is Antivirus Dead? 238

Virus and Protocol Scares Happen Every Day--but Don't Let Them Worry You 240

The Failure of Cryptography to Secure Modern Networks 242

The Story behind the Stuxnet Virus 244

The Dangers of a Software Monoculture 247

How Changing Technology Affects Security 249

The Importance of Security Engineering 251

Technologies of Surveillance 253

When Technology Overtakes Security 255

Rethinking Security 255

7 Travel and Security 259

Crossing Borders with Laptops and PDAs 259

The TSA's Useless Photo ID Rules 261

The Two Classes of Airport Contraband 262

Fixing Airport Security 264

Laptop Security while Crossing Borders 265

Breaching the Secure Area in Airports 268

Stop the Panic on Air Security 269

A Waste of Money and Time 271

Why the TSA Can't Back Down 273

The Trouble with Airport Profiling 275

8 Security, Policy, Liberty, and Law 279

Memo to Next President: How to Get Cybersecurity Right 279

CRB Checking 281

State Data Breach Notification Laws: Have They Helped? 283

How to Ensure Police Database Accuracy 285

How Perverse Incentives Drive Bad Security Decisions 287

It's Time to Drop the "Expectation of Privacy" Test 288

Who Should Be in Charge of Cybersecurity? 291

Coordinate, but Distribute Responsibility 294

"Zero Tolerance" Really Means Zero Discretion 295

US Enables Chinese Hacking of Google 297

Should the Government Stop Outsourcing Code Development? 299

Punishing Security Breaches 300

Three Reasons to Kill the Internet Kill Switch Idea 302

Internet without Borders 302

Unpredictable Side Effects 303

Security Flaws 303

Web Snooping Is a Dangerous Move 304

The Plan to Quarantine Infected Computers 307

Close the Washington Monument 310

Whitelisting and Blacklisting 312

Securing Medical Research: a Cybersecurity Point of View 313

Fear Pays the Bills, but Accounts Must Be Settled 317

Power and the Internet 319

Danger Lurks in Growing New Internet Nationalism 321

IT for Oppression 323

The Public/Private Surveillance Partnership 325

Transparency and Accountability Don't Hurt Security--They're Crucial to It 327

It's Smart Politics to Exaggerate Terrorist Threats 329

References 333

Index 347

BRUCE SCHNEIER is an internationally renowned security technologist who studies the human side of security. A prolific author, he has produced hundreds of articles, essays, and academic papers, as well as 11 books that together have sold over 500,000 copies. He has testified before Congress, is a frequent guest on television and radio, and is regularly quoted in the press. His blog and monthly newsletter at www.schneier.com reach over 250,000 devoted readers worldwide.


