Re: Progress is inevitable

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Humans are stupid.

Engineer around that. :-)

- - ferg


On Sun, Aug 16, 2009 at 10:03 PM, Ali, Saqib <docbook.xml () gmail com> wrote:

> The traditional (draconian??) e-security departments are having a
> field day with all the media buzz on insecurity of the cloud
> computing. They are missing the big picture.
>
> Risk management is important. However what I am seeing right now is
> that most traditional e-security dept are just concentrating on the
> the Vulnerability component of the Risk equation:
>
> Total risk = Threat X Vulnerability X Asset value
> Residual risk = Total risk - Countermeasures
>
> They are completely leaving out the "likelihood of a event happening"
> from their analysis.
>
> Countermeasures are put in place to reduce the likelihood of an event,
> which minimizes the overall residual risk.
>
> In the words of Professor David Deutsch, "Problems are Soluble.
> Problems are inevitable"
>
> No amount of precautions can avoid problems that we do not yet
> foresee. Hence we need an attitude of problem fixing, not just problem
> "avoidance". An ounce of prevention equals a pound of cure, but that’s
> only if we know what to "prevent". If you’ve been punched on the nose,
> then the science of medicine does not consist of teaching you how to
> avoid punches. If medical science stopped seeking cures and
> concentrated on prevention only, then it would achieve very little of
> either.
>
> The traditional Enterprise IT world is buzzing at the moment with
> plans on how to stop Cloud Computing from entering into the workplace.
> It ought to be buzzing with plans to reduce the security and privacy
> risks associated with Cloud Computing and improve data-portability and
> forensic capabilties. And not at all costs, but efficiently and
> cheaply. And some such plans exist, host-proof hosting[1], for
> example.
>
> With problems that we are not aware of yet, the ability to put right -
> not the sheer good luck of avoiding indefinitely - is our only hope,
> not just of solving problems, but of making technological progress.
>
> (the above is based on a talk by Professor David Deutsch on problem
> avoidance)
>
> 1. http://en.wikipedia.org/wiki/Host-proof_hosting


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKiPJfq1pz9mNUZTMRArU3AKDB+x/BWBiV/8fNkywU2Anpio8obACfYEtN
Y5qYjpE4xArfhAdfzEIUOfk=
=g9Z/
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.