RE: RAID 5 drive replacement schedule

["Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>]

Philippe,

I have been sitting here typing up one response after another, each time ending up deleting the whole thing and 
starting over in an attempt to make cases illustrating how availability is not always a security concern.

My thought is that at some point it comes down to system design and basic IT considerations.
But this argument is inadequate. Just because it is within IT to design redundancy it doesn't mean that it isn't a 
security concern.

My issue with this criteria is then, that it now sounds like IT is a subset of security. Not an equal or the other way 
around.
Simplified it seems to me that the entire purpose of IT is to ensure availability.

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."

-  -----Original Message-----
-  From: Rivest, Philippe [mailto:PRivest () transforce ca]
-  Sent: Wednesday, June 25, 2008 8:26 AM
-  To: Nick Vaernhoej; security-basics () securityfocus com
-  Subject: RE: RAID 5 drive replacement schedule
-
-  Im not to sure about which part of my previous post you think is up to
-  interpretation, if you could clarify that would help.
-
-  But for your scenario:
-
-  If I understand correctly your scenario, I know it's a resume, but it
-  is
-  flawed in the basic concept of availability.
-
-  If you have a safe box, with a door and a lock on it. No body can
-  access the
-  box and it is only available to the key holder (hence confidentiality
-  and
-  integrity could be assumed to be good). If this is the situation you
-  stated
-  then here is the concern for availability. What if the key is lost?
-  What if
-  the door lock is damage and can no longer open?
-
-  If you go about to keep a second (back up) key pair, you would
-  consider this
-  availability safeguard. If you had another way to get in the room with
-  the
-  box, that would also be considered a backup safeguard for
-  availability.
-
-
-  Hope this helped.
-
-  Merci / Thanks
-  Philippe Rivest, CEH
-  Vérificateur interne en sécurité de l'information
-  Courriel: Privest () transforce ca
-  Téléphone: (514) 331-4417
-  www.transforce.ca

This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, 
confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby 
notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in 
reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please 
notify the sender that this message was received in error and then delete this message.
Thank you.