Educause Security Discussion mailing list archives
Re: Foreign Nationals
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Thu, 31 May 2012 14:20:59 +0000
Now that's just crazy talk! Obviously we need to spy on all of them to find out which ones are secretly in communication with their masters in Tehran or Beijing, or have bad debts, a bad marital relationship that could be exploited, etc. Only then will you know who needs to be black bagged and taken overseas for some extra special questioning. And don't worry about that kind of problem among the overseers, you can rely on background checks and a polygraph to ensure that their ranks remain pure and untainted. [/sarcasm] (en.wikipedia.org/wiki/Aldrich_Ames) The current frenzy in the "intelligence" community has a familiar aroma (en.wikipedia.org/wiki/House_Un-American_Activities_Committee). I prefer the approach where you don't presume knowledge about your adversary (e.g., the notion that arabs/muslims/chinese are evil so watch out for them) and take reasonable steps to secure resources from those not authorized access. And implement logging and auditing to watch for irregular access patterns by those with authorization. That way it doesn't matter who is, or why they are, attempting to get the resource whoever or whatever the case may be. When confronted by a direct and specific threat it very much helps to have detailed knowledge about the adversary to design specific countermeasures. But not only does it not help with general security, it can actively hinder. First, because potentially *anyone* is an adversary (hence you would need to have total information awareness, which, among other issues, has the problem of false correlation which leeches resources dealing with phantoms) and second because it encourages focusing on specific groups or characteristics which ignores reality (for example, not all arabs have dark skin, but even if they did it isn't hard to recruit someone who doesn't and so the 'dark skin' focused security measure becomes a waste of resources). Tim Doty -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Wednesday, May 30, 2012 4:50 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Foreign Nationals Which one of those is the biggest *real* threat to your general computing environment? And if you aren't putting special security controls on *that* person, why are you thinking about putting them on less risky people?
Current thread:
- Foreign Nationals Dean Halter (May 30)
- Re: Foreign Nationals randy marchany (May 30)
- <Possible follow-ups>
- Re: Foreign Nationals Dean Halter (May 30)
- Re: Foreign Nationals Valdis Kletnieks (May 30)
- Re: Foreign Nationals Doty, Timothy T. (May 31)
- Re: Foreign Nationals Benjamin Parker (May 31)
- Re: Foreign Nationals Valdis Kletnieks (May 31)
- Re: Foreign Nationals Valdis Kletnieks (May 30)