While the book has NOTHING to say about information security directly, it's focused on how we as humans perceive probability and risk, the tools we have created to measure and manage probability and risk, and why we do not anticipate the most significant events that will occur.

A Black Swan is an event that is:

• Highly Improbable - difficult to predict based on historical information
• High Consequence - yields a game changing and hugely significant impact
• Retrospectively Distorted - after the fact, it seems stakeholders should have seen it coming.

An example from Taleb's book is Ceasar's Palace in Las Vegas - where the four most significant risk events had nothing to do with the conventional risk that we associate with gambling.

Those events are:

• $100M loss from a star performer being mauled by his tiger
• Disgruntled employee threatening to blow up facility with dynamite
• Un-balanced, un-monitored employee mishandling tax forms
• Kidnapping of owner's daughter

 While the casino had sophisticated methods and models to deal with "conventional" risks like controlling payout percentages and monitoring "whales" (high-stakes gamblers), in the end none of those methods or models helped predict the truly impactful events - the Black Swans.

An event from the information security world that comes to mind is the Domain Name System (DNS) vulnerability discovered in 2008. This vulnerability was so severe that the need for a concerted, expedited mass patching effort was required, and in retrospect it seems fairly obvious that the vulnerability would have existed.

I encourage you to take a look at this thought provoking book and keep an eye out for Black Swans that could appear in your organization.