Firewall Wizards mailing list archives

Re: Security Policy methodologies

From: Anton J Aylward <anton () the-wire com>
Date: Tue, 06 Jan 1998 16:52:17 -0500

At 08:09 AM 06/01/98 -0800, Larry J. Hughes Jr. wrote:

Second, there are many pointy-hairs around who will misuse the statistics. 
"What? Only a 0.01 percent chance of email being snooped?  That doesn't
justify spending $X per seat to implement PGP companywide.  Think of the
money we'll save that our competitors will spend.  That gives us a real
competitive edge."


Do you remember the Two Men and The Bear story?
You don't have to run faster than the bear, only faster 
than the other guy.

So the hackers say "Oh, he's using PGP, lets find an easier target".
The 0.01% has just turned into a 98.4%.

How's that for a competitive edge?

/anton

--------------------------------------------------------------------------
Anton J Aylward          | "Quality refers to the extent to which 
System Integrity         | processes, products, services, and 
InfoSec Consulting       | relationships are free from defects, 
Voice: (416) 421-8182    | constraints and items which do not add
  Fax: (416) 421-8183    | value." - Dr. Mildred G Pryor, 1995

Current thread:

Re: Security Policy methodologies, (continued)
- - - Re: Security Policy methodologies Marcus J. Ranum (Jan 03)
    - Re: Security Policy methodologies Ted Doty (Jan 05)
    - Re: Security Policy methodologies Aleph One (Jan 05)
    - Re: Security Policy methodologies Ted Doty (Jan 05)
    - Re: Security Policy methodologies Larry J. Hughes Jr. (Jan 06)
    - Re: Security Policy methodologies Rick Smith (Jan 07)
    - Re: Security Policy methodologies Ted Doty (Jan 07)
- RE: Security Policy methodologies Rick Smith (Jan 01)
- Re: Security Policy methodologies Aleph One (Jan 03)
  - Survey so far - Security Policy methodologies Bret Watson (Jan 04)
- Re: Security Policy methodologies Anton J Aylward (Jan 06)