May 29
  1. Is it real?
  2. What is the form and magnitude of the effect?
  3. What happens if conditions change?

In addition, one also needs to think about the scale of the problem.

Dec 01

If you

(1) form the right hypothesis,

(2) collect the right data,

(3) explain clearly and argue for why this is the right data,

(4) collect it in an unbiased way and

(5) apply statistics properly,

you are in it FTW.

Nov 19

Heilmeier's Catechism

When George Heilmeier was the director of ARPA in the mid 1970s, he had a standard set of questions he expected every proposal for a new research program to answer. These have been called the Heilmeier Catechism. It's a good exercise to answer these questions for an individual research project, too, both for yourself and as a way to convey to others what you hope to accomplish. So here they are:

1. What is the problem, why is it hard?
2. How is it solved today?
3. What is the new technical idea; why can we succeed now?
4. What is the impact if successful?
5. How will the program be organized?
6. How will intermediate results be generated?
7. How will you measure progress?
8. What will it cost?

Of course, if you are proposing a small effort, like a class project or MS thesis, some of these questions should be adapted and modified (e.g., #5 and #8).

Aug 26

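Today I received an email from Xiaomi in the department telling me that I passed the PhD candidacy exam and have officially become a PhD candidate. I suppose this counts as a milestone in my life in the US. Marking the occasion.

P.S.: After the candidacy exam I took a trip to California. I have been quite busy these past couple of days, so the travelogue will follow later.

Today I officially became a Ph.D. candidate at the College of Information Sciences and Technology, the Pennsylvania State University. LOL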

Jul 06

Version 0.1, created after meeting with Prof. McGill on May 8th. Better be done before mid-June. The list is not in formal reference format.

Books

  1. Against the Gods
  2. The Black Swan
  3. The Failure of Risk Management
  4. Risk Intelligence

Papers

  1. Kaplan and Garrick, "On the Quantitative Definition of Risk." Risk Analysis, Vol. 1, No. 1.
  2. Haimes, Y. Y. "Total Risk Management"
  3. Giovanni, "What is Security"
  4. Giovanni, "Is Security Utilitarian"
  5. Giovanni, "Risk and Security, Are They Compatible Concepts?"
  6. Giovanni, "The Management of Security, How Robust Is the Justification Process"
  7. Qualitative Risk Assessment, the book chapter
  8. How useful is quantitative risk assessment
  9. Kaplan, S., and Garrick, B. J. (1981). “On the Quantitative Definition of Risk.” Risk
    Analysis, Vol. 1, No. 1, pp. 11-27.
  10. The decision guidance paper
  11. Pate-Cornell, E., and Guikema, S. (2002). “Probabilistic Modeling of Terrorist Threats: A
    Systems Analysis Approach to Setting Priorities Among Countermeasures.”
    Military Operations Research, Vol. 7, No. 4, pp. 5-23.
  12. Frank Knight, Risk, Uncertainty and Profit
  13. Giovanni, Defining Security
  14. The politics of security
  15. McGill, W. L., and Ayyub, B. M. (2007b). “The Meaning of Vulnerability in the Context
    of Critical Infrastructure Protection.” in Jackson, E. ed. Critical Infrastructure
    Protection: Elements of Risk. George Mason University Critical Infrastructure
    Protection Program.
  16. Executive Guide: Information Security Management: Learning From Leading Organizations. (GAO/AIMD-98-68, May 1998)
  17. Information Security Risk Assessment: Practices of Leading Organizations. GAO/AIMD-00-33
  18. CERT report
  19. Windows of vulnerability, a case study analysis.
  20. Guidelines for automatic data processing physical security and risk management
  21. Guideline for the analysis of local area network security
  22. NIST, risk management guide draft
  23. AS/NZS 4360:1999 Risk Management
  24. Information Security is Information Risk Management
  25. WASH-1400