The May 2008 issue of TechNet Magazine is out. It has an article in it that I have been wanting to write for a long time, called Quantum Security. In it I posit the argument that there are some fundamental laws of security, similar to the laws of physics, which we must not ignore in our risk management practices. I also got to include a revised version of the age-old Annualized Loss Expectancy (ALE) equation. Anyone who has taken the CISSP exam should be familiar with ALE. I believe the equation in common use is outdated and fails to account for the modifications we make to systems when we apply security to them. To properly address risk we need an updated version of the ALE. The article includes the rationale.
The article is available online, but I think the print version looks a lot nicer. Let me know what you think about it.