Security Basics mailing list archives
Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Wed, 17 May 2006 17:07:18 -0600
On 5/16/06, Jason Muskat <Jason () techdude ca> wrote:
Hello, Security has to be correct 100% of the time. One omission can lead to an exposure. Count yourself lucky that your vulnerabilities haven't been exposed (that you know of -- Think Ohio State's exposure <http://www.ohio.edu/datatheft/alumni/index.cfm>). Many organizations cover up (do not report to governmental authorizes) every exposure that occurs. This is the norm.
The only 100% correct all the time system is the one that has been turned off and buried in a Nickel lined concrete bunker 100 feet from anything. You are going to be lucky if you see 95% of the time over say a year that you are not going to see some sort of breach somewhere on any large system. That doesnt mean you do not try to protect to your best ability, but you also need to make sure that you are prepared for what happens when the breach occurs. And that means beyond "Cover our butt and point our fingers at xyz user, contractor, etc as the source of the problem" -- Stephen J Smoogen. CSIRT/Linux System Administrator
Current thread:
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 12)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 17)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Stephen John Smoogen (May 20)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 23)
- RE: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Angela and Donald (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Jason Muskat (May 24)
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Saqib Ali (May 15)
- <Possible follow-ups>
- Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security." Bob Radvanovsky (May 23)