Security Basics mailing list archives
Re: RAID 5 drive replacement schedule
From: Adriel Desautels <adriel () netragard com>
Date: Wed, 25 Jun 2008 13:25:20 -0400
Philippe,

I think that this conversation has become too philosophical (mental masturbation even). The roles of an IT department depend on the entity in which the IT department exists. What people should do, and what people are actually responsible for are usually two different things.

With respect to CIA, it is not the end-all be-all definition to Information Security, IT Security, or any other form of security. It is a good acronym to help people remember important aspects of security, but in my opinion that's about it. (And no, I don't want to get into another CIA discussion.)

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

Rivest, Philippe wrote:

The purpose of IT is to abide by the rules and decisions made by the data owner (be it system or entity owner). No design should be done before you know the classification of the data, simply because there may be no need for redundancy or there may be specific needs.

You stated it backwards when you said:
- My thought is that at some point it comes down to system design and basic IT considerations.

Also you are incorrect with this statement:
- Simplified it seems to me that the entire purpose of IT is to ensure availability.

The purpose of IT is to respect the CIA in regards to the need of the company or data owner, no more or no less. IT is only an organization that services the needs of the data/system owner in a technological manner.

Merci / Thanks
Philippe Rivest, CEH
Internal Information Security Auditor
Email: Privest () transforce ca
Phone: (514) 331-4417
www.transforce.ca

-----Original Message-----
From: Nick Vaernhoej [mailto:nick.vaernhoej () capitalcardservices com]
Sent: June 25, 2008 10:16
To: Rivest, Philippe; security-basics () securityfocus com
Subject: RE: RAID 5 drive replacement schedule

Philippe,

I have been sitting here typing up one response after another, each time ending up deleting the whole thing and starting over in an attempt to make cases illustrating how availability is not always a security concern.

My thought is that at some point it comes down to system design and basic IT considerations. But this argument is inadequate. Just because it is within IT to design redundancy, it doesn't mean that it isn't a security concern.

My issue with this criteria is then, that it now sounds like IT is a subset of security. Not an equal or the other way around.

Simplified it seems to me that the entire purpose of IT is to ensure availability.

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."

- -----Original Message-----
- From: Rivest, Philippe [mailto:PRivest () transforce ca]
- Sent: Wednesday, June 25, 2008 8:26 AM
- To: Nick Vaernhoej; security-basics () securityfocus com
- Subject: RE: RAID 5 drive replacement schedule
-
- I'm not too sure about which part of my previous post you think is up to interpretation; if you could clarify, that would help.
-
- But for your scenario:
-
- If I understand correctly your scenario, I know it's a resume, but it is flawed in the basic concept of availability.
-
- If you have a safe box, with a door and a lock on it. Nobody can access the box and it is only available to the key holder (hence confidentiality and integrity could be assumed to be good). If this is the situation you stated then here is the concern for availability. What if the key is lost? What if the door lock is damaged and can no longer open?
-
- If you go about to keep a second (back up) key pair, you would consider this availability safeguard. If you had another way to get in the room with the box, that would also be considered a backup safeguard for availability.
-
- Hope this helped.
-
- Merci / Thanks
- Philippe Rivest, CEH
- Internal Information Security Auditor
- Email: Privest () transforce ca
- Phone: (514) 331-4417
- www.transforce.ca

This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message. Thank you.