A Pilot Project on the Use of Prediction Markets in Information Security
Dan Geer, In-Q-Tel
Alex Hutton, Verizon Business
Greg Shannon, Carnegie Mellon
April 20th, 2011

alpha-pilot at securitypredictions dot com
Overview
    Motivation (dg)

    Prediction Market Examples (gs)

    What is the pilot; what information will it generate? (gs)

    Why is this valuable to the infosec industry? (ah)

    How is this helpful to security teams and professionals? (ah)


 Geer Hutton Shannon   Pilot Project for an InfoSec Prediction Market   April 2011   2
Motivations
    Our Goal: Accelerated aggregation and dissemination of
     actionable security information from diverse sources

    Purpose of this talk: Explain the Pilot Project

    Purpose of the pilot: Validate that we can use a market to
     collect informed opinions from participants that when
     aggregated and shared is of interest to individuals,
     organizations and the information security industry.

    Excellent overview and references in:
         "Using Prediction Markets to Enhance US Intelligence Capabilities," CIA Center for
          the Study of Intelligence, 2006, v50 n6, PDF 17pp. http://tinyurl.com/6kdqpl


The Art in Prediction

    In prediction markets, the art is selecting the questions,
     i.e., prediction markets are invulnerable to idiots but not
     to idiotic questions.  

    Science and practice alike have shown that prediction
     markets have greater accuracy than surveys and, unlike
     surveys, can be run continuously.  

    As the rewards available to market participants rise, the
     precision of the market's predictions improves.

Primer




Successful Public Prediction Markets




A Simple Market Example
    http://en.wikipedia.org/wiki/Prediction_market
    Will candidate X win election Y? Yes or no?




    Three elements: Participants, Contracts, Incentives

Primer




What are Prediction Markets?

 Large groups of people are smarter than an elite few,
no matter how brilliant — better at solving problems,
fostering innovation, coming to wise decisions,
even predicting the future.
          — James Surowiecki, author of The Wisdom of Crowds




def. Speculative markets used to make predictions of specific
events. Contracts representing the event, or outcome, are
bought and sold resulting in contract price fluctuations. The
current price represents the current group estimate of the
likelihood of the event.

How They Work:
Reflecting Confidence in Outcomes
    Individual answers are anonymous, market aggregates consensus
    Participants are incented to express the strength of their confidence
    Participants are rewarded based on the accuracy of their contributions
    Social collaboration and per-question comments surface root causes




How They Work:
Revealing Early Warning Indicators

    Participants invest in stocks (buy/sell) and thus drive the price up or down.
     The price reflects the crowd’s confidence in the stated outcome.
    Decision-makers receive an analytical, real-time consensus view into the true
     state of key issues.

      (Chart of an example contract) Project Aries will achieve customer acceptance by 30-Sept-2011.

      (Chart annotation: information contained in dropping confidence)




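As an added example (not from the deck; the Consensus Point pricing rule is not described, so Hanson's logarithmic market scoring rule is assumed as the market maker), the Python below simulates the mechanism of the two "How They Work" slides on the "Project Aries" contract: trades move the YES price, the price reads as the crowd's probability estimate, settlement pays accurate participants, and the largest price drop is located as the place to start "mining" a change in price for its cause. Participant names, share counts and the NO outcome are constructed.

```python
import math
from dataclasses import dataclass, field


@dataclass
class BinaryMarket:
    """Automated market maker for one binary (YES/NO) contract.

    Prices follow the logarithmic market scoring rule (LMSR), an assumed
    stand-in for whatever the pilot platform uses. The YES price is always
    in (0, 1) and can be read directly as the crowd's current probability
    estimate for the stated outcome.
    """
    question: str
    b: float = 10.0  # liquidity: larger b means each trade moves the price less
    q: dict = field(default_factory=lambda: {"YES": 0.0, "NO": 0.0})
    holdings: dict = field(default_factory=dict)  # participant -> shares by outcome
    spent: dict = field(default_factory=dict)     # participant -> points paid in
    history: list = field(default_factory=list)   # (participant, outcome, shares, yes_price)

    def _cost(self) -> float:
        # LMSR cost function C(q) = b * ln(sum_i exp(q_i / b))
        return self.b * math.log(sum(math.exp(v / self.b) for v in self.q.values()))

    def price(self, outcome: str = "YES") -> float:
        # Instantaneous price = dC/dq_outcome, a softmax over outstanding shares
        weights = {k: math.exp(v / self.b) for k, v in self.q.items()}
        return weights[outcome] / sum(weights.values())

    def buy(self, participant: str, outcome: str, shares: float) -> float:
        """Buy `shares` of `outcome`; returns the points charged, C(q_after) - C(q_before)."""
        before = self._cost()
        self.q[outcome] += shares
        charge = self._cost() - before
        self.holdings.setdefault(participant, {"YES": 0.0, "NO": 0.0})[outcome] += shares
        self.spent[participant] = self.spent.get(participant, 0.0) + charge
        self.history.append((participant, outcome, shares, self.price("YES")))
        return charge

    def resolve(self, outcome: str) -> dict:
        """Settle the contract: each share of the realised outcome pays 1 point.

        Returns net points per participant, so reward tracks accuracy: whoever
        bought the realised outcome while it was cheap gains the most.
        """
        return {p: h[outcome] - self.spent[p] for p, h in self.holdings.items()}


def largest_confidence_drop(history: list, start_price: float = 0.5):
    """Locate the trade after which YES-confidence fell the most.

    That trade (and, on a real platform, the comments attached to it) is
    where an analyst would start looking for the cause of the drop.
    Returns (participant, drop), or (None, 0.0) if the price never fell.
    """
    prev, worst = start_price, (None, 0.0)
    for participant, _outcome, _shares, yes_price in history:
        drop = prev - yes_price
        if drop > worst[1]:
            worst = (participant, drop)
        prev = yes_price
    return worst


def run_pilot_contract() -> dict:
    """Constructed trading sequence on the deck's example contract."""
    m = BinaryMarket("Project Aries will achieve customer acceptance by 30-Sept-2011.")
    m.buy("alice", "YES", 5)   # optimistic participants push the price up ...
    m.buy("bob", "YES", 5)
    m.buy("carol", "NO", 10)   # ... then someone with contrary knowledge trades against them
    m.buy("dave", "NO", 8)
    payouts = m.resolve("NO")  # constructed outcome: acceptance slips past the date
    return {
        "final_yes_price": m.price("YES"),
        "drop": largest_confidence_drop(m.history),
        "payout_if_no": payouts,
        # LMSR bounds the market maker's total loss by b * ln(2) for a binary contract
        "market_maker_loss": sum(payouts.values()),
    }


if __name__ == "__main__":
    for key, value in run_pilot_contract().items():
        print(key, value)
```

Pricing starts at 0.50, rises to about 0.73 after the two YES buys, and the NO buys pull it to 0.31; carol's trade is the largest single drop, and on a NO settlement she and dave profit while alice and bob lose exactly what they paid in.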
Social Analytic Reports &
Decision Dashboards

    Tracking changing trends in consensus opinions
    Identifying divergent opinions among participant subgroups: where does the information reside?
    Monitor participation to ensure diversity




Pilot Overview
     60-day alpha pilot
     Use Consensus Point as the market platform
     20-30 hand-picked participants
     Internal (market) recognition as the incentive
     Binary contracts varying in topic and duration
          Written by Geer, Hutton, Shannon
     Pilot objectives:
          At least 10 contracts open at all times
           20 contracts with at least 10 participants, 100 trades
          Positive survey results from participants at the end
          At least 3 unclosed contracts estimating future events
          Have a contract payout on an unexpected security event
          Gain enough confidence to start a half-year beta

What Do We Want To Know?
    What is the collective, anonymous, incented opinion
     about actionable information security events and states of
     the world?

    How accurate and stable is this opinion/knowledge?

    Can this knowledge benefit participants, 3rd parties and
     the industry to improve information security?

    Can a prediction market mitigate the unavailability of
     detailed operational infosec data?

Criteria For Contracts
     A binary question
          Good: The market-cap leader in consumer operating systems issues a press-release on a
           security-critical patch this quarter.
          Poor: The number of software vulnerabilities discovered in the most popular consumer
           operating system increased this quarter over the previous quarter.
     A definitive authority on the result
          Good: government agency, public company, nationally-recognized institution
          Poor: news, an individual, on-line poll, micro-blog traffic
     A history of indisputable previous outcomes
          Good: Alerts issued, scores published, reports published
          Poor: News articles, court documents, non-public sources
     Market information is likely actionable
          Good: A disruptive OS patch is in the pipeline
          Poor: Companies will lose more data this year than last
     Morally benign
     Difficult for single entities to influence the outcome of the underlying event
Candidate Contracts




Other Candidate Sources & Contracts
    US-CERT alerts
    Botnet species announced
    Statistics from data breach reports
    Trends in security surveys and indexes
    Statistics from software security or controls reports
    MITRE CVE reports




Criteria for Alpha Participants
    Demonstrated knowledge of information security
    At least 5 years of professional experience in such
    Diverse across
         Sectors: Government, Industry, Academic
         Verticals: Civilian Gov’t, Health, Financial, DoD, Telecom, etc.
         Layers: hosts, networks, applications, infrastructure, content
         Life cycle: creation, installation, operation, incidents, remediation
         Specialties: privacy, risk, availability, integrity, etc.
         Demographics




Incentive Criteria
    Is legal

    Is sufficient to entice participants to divulge their
     knowledge through market activity

    Benefits are tangible to all participants
         Not just the top performers


    Does not encourage market manipulation or speculation

    Scales to 50 active contracts and 1,000 participants

Value to the InfoSec Industry




    Opportunity for big-time benefit to the industry.




Value to the InfoSec Industry



    A prediction market is a specifically framed piece of
     knowledge (belief as a probability)

    What do you want knowledge about?
         Understand trends as they happen (or don’t happen)




Value to the InfoSec Industry

    (Diagram: risk at the centre, surrounded by the asset landscape, threat landscape,
     controls landscape and impact landscape. Suggested context: capability to manage
     (skills, resources, decision quality...))




Value to the InfoSec Industry

    Example: Mobile Malware

         % Mobile devices as targeted asset in 2011 DBIR
         % Mobile devices as targeted asset in 2012 DBIR
         % Mobile devices as targeted asset in 2013 DBIR

         The effect of new vulnerability research on the above contracts...
         The effect of new security technologies on the above contracts...




Value to the InfoSec Industry

    (Same diagram as before: risk at the centre, surrounded by the asset landscape,
     threat landscape, controls landscape and impact landscape. Suggested context:
     capability to manage (skills, resources, decision quality...))




Value to InfoSec Teams and Professionals
    An internally facing prediction market can be used for
     decision support
         Success/Failure of big dollar security projects
         What current projects (both security and non-security) mean
          to the frequency or impact of security events
         Impact of current security events
              This breach will cost how much?




Value to InfoSec Teams and Professionals

    Calibration
         Ability to better qualify the subjective evidence around us


    Ability to “mine” changes in “price” for causes




Recap

    Our Goal: Accelerated aggregation and dissemination of
     actionable security information from diverse sources


    To follow or join the pilot send e-mail to:
     alpha-pilot at security predictions dot com




On The Use of Prediction Markets in
Information Security (from src-bos program)
 A tool created to help establish beliefs as probabilities, prediction markets are
 speculative markets created for the purpose of understanding the probability of future
 events. Not widely used in Information Security, Prediction Markets may have
 benefits to our industry. Dan Geer, Alex Hutton and Greg Shannon will give a
 background around what prediction markets are, how they can be used by the
 information security industry as a whole, and how security departments and
 professionals can use them as a tool to help defend their environments.


 Dan Geer is a computer security analyst and risk management specialist and
 currently the chief information security officer for In-Q-Tel.
 Alex Hutton is a principal for Research & Intelligence with the Verizon Business
 RISK Team.
 Dr. Greg Shannon is the chief scientist for the CERT® Program at Carnegie Mellon
 University’s Software Engineering Institute.


       http://www.sourceconference.com/boston/speakers_2011.asp#dgeer


 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Dernier (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Geer - Hutton - Shannon - A Pilot Project On The Use Of Prediction Markets In Information Security

  • 6. A Simple Market Example
    - http://en.wikipedia.org/wiki/Prediction_market
    - Will candidate X win election Y? Yes or no?
    - Three elements: Participants, Contracts, Incentives

  • 7. Primer: What are Prediction Markets?
    "Large groups of people are smarter than an elite few, no matter how brilliant — better at solving problems, fostering innovation, coming to wise decisions, even predicting the future." — James Surowiecki, author of The Wisdom of Crowds
    Definition: speculative markets used to make predictions of specific events. Contracts representing the event, or outcome, are bought and sold, resulting in contract price fluctuations. The current price represents the current group estimate of the likelihood of the event.

  • 8. How They Work: Reflecting Confidence in Outcomes
    - Individual answers are anonymous; the market aggregates consensus
    - Participants are incented to express the strength of their confidence
    - Participants are rewarded based on the accuracy of their contributions
    - Social collaboration and comments, per question, surface root causes

  • 9. How They Work: Revealing Early Warning Indicators
    - Participants invest in stocks (buy/sell) and thus drive the price up or down. The price reflects the crowd's confidence in the stated outcome.
    - Decision-makers receive an analytical, real-time consensus view into the true state of key issues.
    Chart on the slide: price history for the example contract "Project Aries will achieve customer acceptance by 30-Sept-2011", annotated "information contained in dropping confidence".
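The buy/sell mechanism of slides 7 to 9 as an added example in Python. This is not the pilot's code and it does not describe how the Consensus Point platform prices contracts; it uses a Hanson logarithmic market scoring rule (LMSR) automated market maker, a common design for thin play-money markets, as an assumption. The contract text, the traders, the trade sizes and the liquidity parameter b are constructed. It shows the YES price acting as the crowd's probability estimate (YES and NO prices always sum to 1), a sale pulling the price down (the "dropping confidence" signal of slide 9), settlement paying one unit per share of the winning outcome (the reward-for-accuracy of slide 8), and the operator's worst-case subsidy b·ln 2, which is the budget an incentive scheme has to cover.

```python
import math


class BinaryLMSRMarket:
    """One binary contract run by a Hanson logarithmic market scoring rule
    (LMSR) automated market maker (assumed mechanism, not the pilot's).

    A share of YES pays 1 unit if the event happens, 0 otherwise, and
    symmetrically for NO. The market maker quotes prices from the cost
    function C(q) = b * ln(exp(q_yes / b) + exp(q_no / b)); the YES price
    is the crowd's current probability estimate for the event.
    """

    def __init__(self, liquidity=100.0):
        self.b = liquidity                  # larger b: prices move less per trade
        self.q = {"YES": 0.0, "NO": 0.0}    # outstanding shares per outcome
        self.holdings = {}                  # trader -> {"YES": n, "NO": n}
        self.spent = {}                     # trader -> net cash paid in
        self.history = []                   # (trader, outcome, shares, YES price after)

    def _cost(self):
        return self.b * math.log(sum(math.exp(v / self.b) for v in self.q.values()))

    def price(self, outcome="YES"):
        """Instantaneous price of `outcome`; YES and NO prices sum to 1."""
        denom = sum(math.exp(v / self.b) for v in self.q.values())
        return math.exp(self.q[outcome] / self.b) / denom

    def trade(self, trader, outcome, shares):
        """Buy (shares > 0) or sell (shares < 0) shares of `outcome`.

        Returns the cash the trader pays; negative when selling. A trader may
        not sell more than it holds: with a fixed play-money budget there are
        no naked short positions, which also caps what one manipulator can do.
        """
        held = self.holdings.setdefault(trader, {"YES": 0.0, "NO": 0.0})
        if held[outcome] + shares < 0:
            raise ValueError(f"{trader} holds {held[outcome]} {outcome}, cannot sell {-shares}")
        before = self._cost()
        self.q[outcome] += shares
        cost = self._cost() - before
        held[outcome] += shares
        self.spent[trader] = self.spent.get(trader, 0.0) + cost
        self.history.append((trader, outcome, shares, round(self.price("YES"), 4)))
        return cost

    def settle(self, winning_outcome):
        """Resolve the contract: each share of the winner pays 1 unit.

        Returns each trader's profit (payout minus net cash paid), which is
        the reward-for-accuracy the market provides.
        """
        return {t: h[winning_outcome] - self.spent[t] for t, h in self.holdings.items()}

    def max_market_maker_loss(self):
        """Worst-case subsidy the operator must fund: b * ln(number of outcomes)."""
        return self.b * math.log(len(self.q))


def run_demo():
    """Constructed scenario (not pilot data): the slide-13 'Good' contract,
    'The market-cap leader in consumer operating systems issues a press
    release on a security-critical patch this quarter', resolved YES."""
    m = BinaryLMSRMarket(liquidity=100.0)
    m.trade("alice", "YES", 40)    # alice has seen a pre-announcement: price rises
    m.trade("bob", "NO", 20)       # bob is skeptical: price eases
    m.trade("carol", "YES", 60)    # carol agrees with alice: price rises again
    m.trade("alice", "YES", -20)   # alice loses confidence and sells: price drops,
                                   # the early-warning signal of slide 9
    profits = m.settle("YES")
    return m, profits


if __name__ == "__main__":
    market, profits = run_demo()
    for trader, outcome, shares, p in market.history:
        print(f"{trader:6} {outcome:3} {shares:+5.0f}  YES price now {p:.4f}")
    for trader, profit in profits.items():
        print(f"{trader:6} profit {profit:+.2f}")
    print(f"operator's worst case: {market.max_market_maker_loss():.2f}")
```

With b = 100 the four trades move the YES price 0.50, 0.60, 0.55, 0.69, 0.65; on a YES resolution alice and carol profit and bob loses his stake, and the operator's total exposure stays under 100·ln 2 ≈ 69.3 units no matter how the crowd trades. The liquidity parameter is the knob that trades off how far a single participant can move the price against how much subsidy the operator risks.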
  • 10. Social Analytic Reports & Decision Dashboards
    - Tracking changing trends in consensus opinions
    - Identifying divergent opinions among participant subgroups: where does the information reside?
    - Monitor participation to ensure diversity
  • 11. Pilot Overview
    - 60-day alpha pilot
    - Use Consensus Point as the market platform
    - 20-30 hand-picked participants
    - Internal (market) recognition as the incentive
    - Binary contracts varying in topic and duration, written by Geer, Hutton, Shannon
    - Pilot objectives:
      - At least 10 contracts open at all times
      - 20 contracts with at least 10 participants, 100 trades
      - Positive survey results from participants at the end
      - At least 3 unclosed contracts estimating future events
      - Have a contract pay out on an unexpected security event
      - Gain enough confidence to start a half-year beta

  • 12. What Do We Want To Know?
    - What is the collective, anonymous, incented opinion about actionable information security events and states of the world?
    - How accurate and stable is this opinion/knowledge?
    - Can this knowledge benefit participants, 3rd parties and the industry to improve information security?
    - Can a prediction market mitigate the unavailability of detailed operational infosec data?

  • 13. Criteria For Contracts
    - A binary question
      - Good: The market-cap leader in consumer operating systems issues a press release on a security-critical patch this quarter.
      - Poor: The number of software vulnerabilities discovered in the most popular consumer operating system increased this quarter over the previous quarter.
    - A definitive authority on the result
      - Good: government agency, public company, nationally-recognized institution
      - Poor: news, an individual, on-line poll, micro-blog traffic
    - A history of indisputable previous outcomes
      - Good: alerts issued, scores published, reports published
      - Poor: news articles, court documents, non-public sources
    - Market information is likely actionable
      - Good: A disruptive OS patch is in the pipeline
      - Poor: Companies will lose more data this year than last
    - Morally benign
    - Difficult for single entities to influence the outcome of the underlying event

  • 14. Candidate Contracts

  • 15. Other Candidate Sources & Contracts
    - US-CERT alerts
    - Botnet species announced
    - Statistics from data breach reports
    - Trends in security surveys and indexes
    - Statistics from software security or controls reports
    - MITRE CVE reports

  • 16. Criteria for Alpha Participants
    - Demonstrated knowledge of information security
    - At least 5 years of professional experience in such
    - Diverse across
      - Sectors: Government, Industry, Academic
      - Verticals: Civilian Gov't, Health, Financial, DoD, Telecom, etc.
      - Layers: hosts, networks, applications, infrastructure, content
      - Life cycle: creation, installation, operation, incidents, remediation
      - Specialties: privacy, risk, availability, integrity, etc.
      - Demographics
  • 17. Incentive Criteria
    - Is legal
    - Is sufficient to entice participants to divulge their knowledge through market activity
    - Benefits are tangible to all participants, not just the top performers
    - Does not encourage market manipulation or speculation
    - Scales to 50 active contracts and 1,000 participants
  • 18. Value to the InfoSec Industry
    - Opportunity for big-time benefit to the industry.

  • 19. Value to the InfoSec Industry
    - A prediction market is a specifically framed piece of knowledge (belief as a probability)
    - What do you want knowledge about?
    - Understand trends as they happen (or don't happen)
  • 20. Value to the InfoSec Industry
    Diagram, "Suggested context": risk at the center, surrounded by the asset landscape, threat landscape, controls landscape and impact landscape, together with the capability to manage them (skills, resources, decision quality, ...).
  • 21. Value to the InfoSec Industry
    - Example: Mobile Malware
      - % Mobile devices as targeted asset in 2011 DBIR
      - % Mobile devices as targeted asset in 2012 DBIR
      - % Mobile devices as targeted asset in 2013 DBIR
      - The effect of new vulnerability research on the above contracts...
      - The effect of new security technologies on the above contracts...
  • 22. Value to the InfoSec Industry
    The "Suggested context" diagram of slide 20 is repeated here: risk at the center of the asset, threat, controls and impact landscapes, plus the capability to manage them.
  • 23. Value to InfoSec Teams and Professionals
    - An internally facing prediction market can be used for decision support
      - Success/failure of big-dollar security projects
      - What current projects (both security and non-security) mean to the frequency or impact of security events
      - Impact of current security events
        - This breach will cost how much?

  • 24. Value to InfoSec Teams and Professionals
    - Calibration
      - Ability to better qualify the subjective evidence around us
      - Ability to "mine" changes in "price" for causes
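The two analyses slide 24 asks of a running market, as an added example that is not part of the slides or the pilot's tooling: a calibration check over resolved contracts (Brier score plus a reliability table that compares what the market quoted with how often those contracts actually resolved YES) and a detector for large day-over-day price moves, which are the points to cross-reference with the comment stream and outside events when mining price changes for causes. The contract ids, closing prices, outcomes, price series, bin width and 0.10 move threshold are all constructed assumptions, not pilot results.

```python
# Constructed sample (not pilot data): the closing YES price of each resolved
# contract and the outcome reported by its resolving authority (1 = YES).
RESOLVED_CONTRACTS = [
    ("c01", 0.90, 1), ("c02", 0.85, 1), ("c03", 0.80, 1), ("c04", 0.75, 0),
    ("c05", 0.70, 1), ("c06", 0.65, 1), ("c07", 0.60, 0),
    ("c08", 0.40, 0), ("c09", 0.35, 1), ("c10", 0.30, 0),
    ("c11", 0.20, 0), ("c12", 0.15, 0), ("c13", 0.10, 0),
]

# Constructed daily closing YES prices (day, price) for one still-open contract.
PRICE_SERIES = [(1, 0.55), (2, 0.57), (3, 0.58), (4, 0.44), (5, 0.45), (6, 0.62), (7, 0.63)]


def brier_score(resolved):
    """Mean squared error of quoted price vs outcome. 0 is perfect; always
    quoting 0.5 scores 0.25, so anything above 0.25 is worse than a coin flip."""
    return sum((p - o) ** 2 for _, p, o in resolved) / len(resolved)


def reliability_table(resolved, n_bins=5):
    """Calibration check: bucket contracts by quoted price and compare the mean
    quote in each bucket with the fraction that actually resolved YES. In a
    calibrated market the two are close in every populated bucket."""
    bins = [{"n": 0, "price_sum": 0.0, "yes": 0} for _ in range(n_bins)]
    for _, p, o in resolved:
        # bucket on integer percent so prices such as 0.60 land in the right bin
        idx = min(round(p * 100) // (100 // n_bins), n_bins - 1)
        bins[idx]["n"] += 1
        bins[idx]["price_sum"] += p
        bins[idx]["yes"] += o
    width = 1.0 / n_bins
    rows = []
    for i, b in enumerate(bins):
        if b["n"] == 0:
            continue
        rows.append({
            "range": (round(i * width, 2), round((i + 1) * width, 2)),
            "n": b["n"],
            "mean_price": round(b["price_sum"] / b["n"], 3),
            "observed": round(b["yes"] / b["n"], 3),
        })
    return rows


def large_moves(series, threshold=0.10):
    """Flag day-over-day price changes of at least `threshold` (assumed 0.10).
    Each flagged day is a place to look for a cause: a comment on the
    contract, an advisory, a breach report, a change in participation."""
    flagged = []
    for (_, prev), (day, cur) in zip(series, series[1:]):
        delta = cur - prev
        if abs(delta) >= threshold:
            flagged.append((day, round(delta, 3)))
    return flagged


if __name__ == "__main__":
    print(f"Brier score: {brier_score(RESOLVED_CONTRACTS):.4f} (0.25 = uninformative)")
    for row in reliability_table(RESOLVED_CONTRACTS):
        lo, hi = row["range"]
        print(f"[{lo:.1f}, {hi:.1f}) n={row['n']:2} quoted {row['mean_price']:.3f} "
              f"observed {row['observed']:.3f}")
    for day, delta in large_moves(PRICE_SERIES):
        print(f"day {day}: price moved {delta:+.2f}, look for the cause")
```

On the constructed data the Brier score is about 0.15, and the reliability rows show where the market is over- or under-confident (the 0.6 to 0.8 bucket quotes 0.675 on average but only half of those contracts resolved YES). With 20 to 30 participants and a 60-day pilot most buckets will hold only a handful of contracts, so these numbers are a sanity check rather than a verdict until the beta produces more resolved contracts.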
  • 25. Recap
    - Our Goal: Accelerated aggregation and dissemination of actionable security information from diverse sources
    - To follow or join the pilot, send e-mail to: alpha-pilot at securitypredictions dot com
  • 26. On The Use of Prediction Markets in Information Security (from the src-bos program)
    A tool created to help establish beliefs as probabilities, prediction markets are speculative markets created for the purpose of understanding the probability of future events. Not widely used in information security, prediction markets may have benefits for our industry. Dan Geer, Alex Hutton and Greg Shannon will give background on what prediction markets are, how they can be used by the information security industry as a whole, and how security departments and professionals can use them as a tool to help defend their environments.
    Dan Geer is a computer security analyst and risk management specialist and currently the chief information security officer for In-Q-Tel. Alex Hutton is a principal for Research & Intelligence with the Verizon Business RISK Team. Dr. Greg Shannon is the chief scientist for the CERT® Program at Carnegie Mellon University's Software Engineering Institute.
    http://www.sourceconference.com/boston/speakers_2011.asp#dgeer