We really wouldn't need a security industry

if everybody was honest with themselves and others. If people didn't break into other people's houses and bank accounts, or commit criminal acts that deprive others of (or take advantage of) their rights, we wouldn't need security. Remember the days you could leave your front door unlocked? Whatever happened to taking people at their word? Nowadays, you need contracts and a bunch of legal hoopla to communicate with one another.

Recall "risk" -- threat x vulnerability x asset value. Take the threat out of the equation and you no longer have a risk -- nobody would care to take advantage of the vulnerability. Take the vulnerability out of the equation (like Bruce Schneier did) and you have a completely secure system. What's the most practical way to lower risk? Eliminate the threat or remove the vulnerabilities? We can't do both 100%, so what Schneier is suggesting is unreasonable and impossible. The best we can do is work with law enforcement and the justice system to remove the threat as best we can and, through improved processes, create systems with fewer vulnerabilities.

"...as long as people are involved, security threats can never be completely eliminated" - Viktor Cherkashin, KGB officer

Posted by Marcin on Thursday, May 10, 2007

