North American Network Operators Group

Re: Acceptable Losses (was Re: Whoops! (re: WH network monitoring plan response))
In message <[email protected]>, Sean Donelan writes:
>
>On Tue, 24 Dec 2002, Richard Forno wrote:
>> In my last post when I said this:
>> > If something's deemed 'critical' to a large segment of the population, then
>> > security must NEVER outweigh convenience. Period. Non-negotiable.
>>
>> I meant to say that security must ALWAYS outweigh convenience.
>
>Sigh, people are playing games with words to force false choices. Of
>course it's negotiable because the act of defining something "critical"
>is a negotiation.
>

Not only that -- security is not 0/1, all or nothing. It is possible to be more or less secure; building a security system -- like a firewall -- that has only the two states of "wide open" and "absolutely impenetrable" is a bad idea. Security is about risk management -- see Schneier's book "Secrets and Lies".

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)