Bright Stove

Reflecting information risk journey

Archive for the ‘Books’ Category

Blog series on Responsive Security

with one comment

I have recently published a five parts series on the captioned topic, based on my book of the same title, at Cisco’s Security Blog site. For convenience of the readers of this blog, I have the links to the five parts consolidated here for quick access:

Enjoy the series (if you haven’t read it at the Cisco site ;-)).


Written by mengchow

January 16, 2015 at 12:12 pm

Responsive Security – Be Ready to Be Secure

with 5 comments

After much anticipation, my new book, “Responsive Security – Be Ready to Be Secure“, is finally published today. Thanks to Prof Pauline Reich of Waseda University, and Chuan Wei Hoo, who helped to proof read the earlier drafts, my publisher, Ruijun He, my editor, Iris Fahrer, and many friends and family members for all the supports and assistance rendered throughout the long process to make this possible.


The book is based on my thesis on a Piezoelectric Approach on Information Security Risk Management, which captures the past decade of my experience and learning from my practice and fellow practitioners whom I have the opportunity to work with. The book walks through our current knowledge and principles of practice in information security risk management, with discourses on the underlying issues and dilemmas in a constantly changing risk environment. It introduces the concepts of responsiveness, and highlights the importance of readiness and preparedness in face of changes that we may not always able to anticipate, and lest unable to predict. Responsive Security focuses on events that could lead to systems failures rather than the current industry’s focus on the search for vulnerabilities and learning how perpetrators exploit and attack.

If you are interested to find out more about the Responsive Security concepts and approach, the book is now available at CRC Press ( and also Amazon, where an e-book version has also been published.

Keep left, walk right

leave a comment »

I have been jogging outdoor whenever I’m in Singapore due mainly to the warmer weather and cleaner environment there. During my jogs, I have observed the drainage covers that are lined up along the pavement of various walkways or footpaths just next to the roads. Most cemented walkways have the drainage cover placed on one side of the walkway. So if you are walking or jogging from one direction, the drainage covers would occupy the left-hand side of the pavement, leaving a slightly less than one foot width of cleared path on the right. With that, you would tend to walk or jog on the right-hand side of the path to avoid stepping on the drainage covers in case the covers are not properly secured and you could get your leg trapped or drop into the drain below accidentally. If you are walking or jogging from the opposite direction on that same walkway, however, you would see the drainage covers now occupying the right-hand side, which leave the left-hand side cleared. In this case, you would tend to walk on the left-hand side of the walkway. This is actually a more natural side for folks in Singapore (and perhaps in the Commonwealth countries as well) given that the road system here is to keep left by default and therefore people tends to walk on the left-hand side of the road. In the former case, as a result of the placement of drainage covers you are unconsciously influenced by design to walk on the right side of the walkway, which is actually quite awkward since we are “trained” to walk on the left-hand side by default. When there are pedestrian on both sides of the walkway, people tends to try to stick on their side of the walkway, and avoid shifting to step on the drainage covers area. When they do that, you get a feeling that they are giving way to you. The same feeling when you do the same for others. Such is how design decisions made on everyday things around us that could influence our behavioral responses, whether you feel it or not.

I also noticed that some walkways have the drainage covers that are as wide as the walkway itself. In those cases, pedestrians are kind-of forced to step on every cover as they walk or jog forward, inevidentally required to take a risk every few steps forward. I wonder whether the public work authority realizes such an implication of their design decision and the ultimate responsibility they have in the maintenance of so many drainage covers across the country. Newer walkways, nevertheless, seems to have this taken into considerations and their drainage covers are placed at the center of the pathways, leaving the two edges cleared creating two small walkways for the pedestrians on both directions. The total width of the walkways however remains narrower than the width of the drainage cover itself. So it seems that the design is to cater for the workers to get in and out of the drain underneath the walkway through any of the openings rather than the pedestrians walking on top along the walkway.

Coincidentally, I picked up a new book entitled “The Shallows: What the Internet is doing to our Brains“, a few days ago. The book stresses the idea that “the medium is the message”, that technology frequently has a more influencing role than the contents that it carry. More often than not, our habits and behaviors are influenced by the design of our environment, and the technology that we use.

Written by mengchow

April 6, 2011 at 10:27 pm

Book town (书城一游)

leave a comment »

GJ-20070324 008I was in Guangzhou in late March for a customer visit, and got an opportunity on a Saturday morning to do some sightseeing around town before continuing with my business travel in the country. As usual, my favorite tour spot is the book store. In Guangzhou, and most cities in China, instead of book stores, they have book town (书城). I visited the book town at Tian He (天和), and the first sight upon arrival was a big crowd of job seekers outside the main book mall (see photos below.) They were all crowding around make-shift stalls where job offers were posted, and registration were being taken.
The book mall is five stories high, all stuffed with books, from kids educational material to serious academic books and references. At the 5th floor is a small English books outlet.
I went to the computer science section and discovered a bookshelf (of about 3 meters width and 1.5 meter height) of computer/information security GJ-20070324 013books, all in Chinese. It has three sub-shelves, and about two-third or more of it contained various kinds of hacking and hacker related books, and less than one shelf of protection related stuff. Of those hacking related books, a small portion is translated books, i.e., those that we can find in popular book stores in Singapore and the US. The rest are locally published books. See photos below. They include detailed information on exploit developments, use of exploit tools, etc., with little information on how to implement security, or secure the various platforms or applications discussed. This imbalance in the kind of information/computer security related material on the bookshelves is a concern. It could be indirectly promoting learning the exploit tactics without really improving understanding of security protection.
2007-03-24 007Having said that, of the relatively small number of protection related material available, there were a few publications from universities that provided comprehensive treatment of information security as a knowledge domain, including material on China’s information security development and status, all in Chinese though.
Reflecting upon the above observations, I wonder how many jobs being offered and sought outside the book mall was security or hacking related. Maybe the disproportion of security versus hacking knowledge distribution in the book mall doesn’t really matter after all. Or maybe it does. I enjoyed the rest of the day at the computer mall after picking up a few of the protection related books that provide some insights on the development in China.

Written by mengchow

April 19, 2007 at 8:50 pm

Posted in Books

%d bloggers like this: