Security Basics mailing list archives
RE: RAID 5 drive replacement schedule
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Wed, 25 Jun 2008 09:16:23 -0500
Philippe, I have been sitting here typing up one response after another, each time ending up deleting the whole thing and starting over in an attempt to make cases illustrating how availability is not always a security concern. My thought is that at some point it comes down to system design and basic IT considerations. But this argument is inadequate. Just because it is within IT to design redundancy it doesn't mean that it isn't a security concern. My issue with this criteria is then, that it now sounds like IT is a subset of security. Not an equal or the other way around. Simplified it seems to me that the entire purpose of IT is to ensure availability. Nick Vaernhoej "Quidquid latine dictum sit, altum sonatur." - -----Original Message----- - From: Rivest, Philippe [mailto:PRivest () transforce ca] - Sent: Wednesday, June 25, 2008 8:26 AM - To: Nick Vaernhoej; security-basics () securityfocus com - Subject: RE: RAID 5 drive replacement schedule - - Im not to sure about which part of my previous post you think is up to - interpretation, if you could clarify that would help. - - But for your scenario: - - If I understand correctly your scenario, I know it's a resume, but it - is - flawed in the basic concept of availability. - - If you have a safe box, with a door and a lock on it. No body can - access the - box and it is only available to the key holder (hence confidentiality - and - integrity could be assumed to be good). If this is the situation you - stated - then here is the concern for availability. What if the key is lost? - What if - the door lock is damage and can no longer open? - - If you go about to keep a second (back up) key pair, you would - consider this - availability safeguard. If you had another way to get in the room with - the - box, that would also be considered a backup safeguard for - availability. - - - Hope this helped. - - Merci / Thanks - Philippe Rivest, CEH - Vérificateur interne en sécurité de l'information - Courriel: Privest () transforce ca - Téléphone: (514) 331-4417 - www.transforce.ca This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message. Thank you.
Current thread:
- RE: RAID 5 drive replacement schedule, (continued)
- RE: RAID 5 drive replacement schedule Burton Strauss (Jun 24)
- RE: RAID 5 drive replacement schedule Rivest, Philippe (Jun 20)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 20)
- RE: RAID 5 drive replacement schedule Murda Mcloud (Jun 23)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 24)
- Re: RAID 5 drive replacement schedule Mellow Marquis (Jun 25)
- RE: RAID 5 drive replacement schedule Rivest, Philippe (Jun 25)
- RE: RAID 5 drive replacement schedule Nick Vaernhoej (Jun 20)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 20)
- RE: RAID 5 drive replacement schedule Rivest, Philippe (Jun 25)
- RE: RAID 5 drive replacement schedule Nick Vaernhoej (Jun 25)
- RE: RAID 5 drive replacement schedule Rivest, Philippe (Jun 25)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 25)