Firewall Wizards mailing list archives
RE: Hopefully not too OT
From: Chris Blask <chris () blask org>
Date: Fri, 06 May 2005 09:41:18 -0400
Hi folks!

At 12:56 PM 5/5/2005, Paul D. Robertson wrote:
> On Tue, 3 May 2005 MHawkins () TULLIB COM wrote:
> > For some reason, most people look at their computer and think it is inherently safe in the world. But when they look at almost anything else they use or own, they intuitively see and know it is at risk at all times.
>
> No, they don't.
Well, they kinda do. The continued existence of their possessions is a reliable test of the effectiveness of the security applied to those assets - whether they take the time to think consciously about the equation or not - so they find a level of operational security for those assets that they can feel comfortable with.
Where electronic assets diverge is that their owners cannot achieve the same level of comfort just by seeing that those assets are still in their possession from day to day. For all they know those assets have also already been stolen or compromised. It's like knowing that, while you see your car in your garage every day, it may dissolve next time you touch it because all the metal has been stolen out from underneath the paint. People don't know what they have to do to feel comfortable about the security of their virtual assets, so they either get fanatical about it or ignore it entirely (more often the latter, for lack of comprehensible expertise).
> > Car, house, boat, family, wine collection, iPod - they are all seen as being
>
> Boats, planes, cars and iPods are generally "easy" to steal. Houses are generally easy to get into. Very few people can live with strong security controls, so they go with "good enough" until they get burned, then they look for more in a reactive manner.
That's not intrinsically a bad thing, though. You want to secure your house? Leave your porch light on. That may be good enough that your home is not broken into during your lifetime. If you have the only home in the neighborhood without bars in the windows, put some bars up and/or fix the neighborhood. There isn't enough resource in the global economy to put military security in every person's home, it isn't necessary pragmatically, and even attempting to go down that road is imho missing the interesting points about humanity (one pertinent point: "humans excel at calculating acceptable risk and transforming inanimate material and situational opportunities into fantastic creations despite such risk").
Consumers are not to blame for failing to deploy electronic security - we are. When and as we deliver security products that non-computer folks can grok, they consume them. When and as we deliver security products that non-computer folks cannot understand the tangible value in, they do not consume them.
We have a lot of work to do to ensure this electronic communication thingy doesn't collapse from dry-rot, but I don't think it is about to fall into its basement just yet.
> > Why do people think differently of their computers?
>
> They don't. People don't think about security until they're in an obviously insecure situation or anxiety gets to them. Thus, as security professionals, our job is to both INCREASE and DECREASE their anxiety.

aargh. You don't have to freak people out to sell bullet-proof windows in south-central LA - you just have to convince them that they can afford them and that they will work.
Our job is to decrease their anxiety, and the success of our efforts is measured by our ability to do so.
-woof!
-chris

Chris Blask
chris () blask org
blaskworks.blogspot.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards