This is my effort to refine concepts, conform terminology to what I believe is customary in the field of risk management, and to make the material more accessible to lay readers. I don't expect it to actually be accepted, but perhaps it can be useful for discussion of this or future drafts.
Several comments:
This is my first pull request on GitHub. I'm probably doing it wrong, either technically or culturally. Sorry! Please tell me how to do better. (As if to prove my incompetence, my first pull request was addressed to the master on my fork! What I've done here, I see, breaks GitHub's diff function...)
My starting point was to try to conform the language to risk management terminology (which is itself not settled). That means audaciously changing "adversary" to "threat" almost everywhere it appears and relegating the word "adversary" to the subcategory of threats that have a conscious motivation. (That's some of them, but far from all.) The heavy editing I did would incline a normal writer to take offense. I don't mean any, but offer these changes in the spirit of producing a work more in line with what I understand to be the more standard language of risk management.
Some changes are strongly conceptual, such as redefining "smart custody" from the use of cryptographic tools to the use of risk management. Many of the tools of smart custody are non-crypto, including safes, safe deposit boxes, and lawyers! Still it's bold to make such changes without asking anyone. I'm happy to discuss anything here with anyone so inclined.
I did some rearranging, including bringing threat (formerly "adversary") material into the main body from an appendix and adding my own brief primer on risk management. The idea here is to help teach risk management, so that readers can understand better why they are doing these processes, and to invite them to begin doing their own risk management based on their own circumstances, priorities, and assessments.
As if this strong edit isn't enough, I would do a lot more to refine, define, and prioritize the threats dealt with here. I would also characterize responses (acceptance, prevention, interdiction, and mitigation) to put more flesh on the procedures and get their relevance and importance into the minds of readers.
I think it's so great to have efforts like this that help build the social capital around Bitcoin, cryptocurrency, and digital assets. Thanks for doing it! Come what may with my contribution.
With that, I'm about to hit a button called "create pull request" for a second time, which would be embarrassing if I thought I was anything other than a lifelong non-coder.
Cheers! Jim Harper