funsec mailing list archives
Re: Progress is inevitable
From: Paul Ferguson <fergdawgster () gmail com>
Date: Sun, 16 Aug 2009 23:02:17 -0700
Humans are stupid. Engineer around that. :-)

- ferg

On Sun, Aug 16, 2009 at 10:03 PM, Ali, Saqib <docbook.xml () gmail com> wrote:
> The traditional (draconian??) e-security departments are having a field day with all the media buzz on insecurity of cloud computing. They are missing the big picture.
>
> Risk management is important. However what I am seeing right now is that most traditional e-security depts are just concentrating on the Vulnerability component of the Risk equation:
>
> Total risk = Threat X Vulnerability X Asset value
> Residual risk = Total risk - Countermeasures
>
> They are completely leaving out the "likelihood of an event happening" from their analysis. Countermeasures are put in place to reduce the likelihood of an event, which minimizes the overall residual risk.
>
> In the words of Professor David Deutsch, "Problems are Soluble. Problems are inevitable"
>
> No amount of precautions can avoid problems that we do not yet foresee. Hence we need an attitude of problem fixing, not just problem "avoidance". An ounce of prevention equals a pound of cure, but that’s only if we know what to "prevent". If you’ve been punched on the nose, then the science of medicine does not consist of teaching you how to avoid punches. If medical science stopped seeking cures and concentrated on prevention only, then it would achieve very little of either.
>
> The traditional Enterprise IT world is buzzing at the moment with plans on how to stop Cloud Computing from entering into the workplace. It ought to be buzzing with plans to reduce the security and privacy risks associated with Cloud Computing and improve data-portability and forensic capabilities. And not at all costs, but efficiently and cheaply. And some such plans exist, host-proof hosting[1], for example.
>
> With problems that we are not aware of yet, the ability to put right - not the sheer good luck of avoiding indefinitely - is our only hope, not just of solving problems, but of making technological progress.
>
> (the above is based on a talk by Professor David Deutsch on problem avoidance)
>
> 1. http://en.wikipedia.org/wiki/Host-proof_hosting
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.