Security Basics mailing list archives
Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
From: Jason Muskat <Jason () TechDude Ca>
Date: Wed, 10 May 2006 18:50:30 -0400
Hello,

Most of the time, security, any security, is about bringing that feel good feeling to the customer; having somebody to blame when something goes bad is a plus as well. Real security is very rare as it costs a lot. Most people think they are secure because of a policy, or something just as silly like a sign on the wall.

I think it is imperative that government set and regulate minimal real information security standards especially in sectors that provide essential services such as power, telecomm, and banking, and such. The regulations will allow the security people to enforce security despite a line of business not wanting to "implement" a secure solution. People are still building new applications and workflows that use telnet and refuse to use SSH or any other secure methods such as telnet over SSL.

Regards,
--
Jason Muskat | GCUX - de VE3TSJ
____________________________
TechDude
e. Jason () TechDude Ca
m. 416 .414 .9934
http://TechDude.Ca/

From: "Sadler, Connie" <Connie_Sadler () brown edu>
Date: Wed, 10 May 2006 13:01:06 -0400
To: <email () securityabsurdity com>, <security-basics () securityfocus com>
Conversation: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
Subject: RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."

I think there is a *lot* more to this, but don't have the time to fully respond. Good things to think about - yes! But InfoSec has never had the authority to do what's best. Ideas are floated and quickly rejected, and the "balance" we all try to provide is as much as many of us can "push" out against a very resistant culture.

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Office: 401-863-7266

-----Original Message-----
From: email () securityabsurdity com [mailto:email () securityabsurdity com]
Sent: Wednesday, May 10, 2006 12:54 AM
To: security-basics () securityfocus com
Subject: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."

Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.
A long-overdue wake up call for the information security community.

Article: http://www.securityabsurdity.com/failure.php