On Mon, 5 Aug 2013, Glen Turner wrote:
> My concern would be the sudden arrival of empowered but inexperienced
> "experts" with rather military security ideas of how things should be done
> into the core operations of Australia's telecommunications providers. That's
> not going to work as well as you might think.
>
> As for "computer security professionals", I wouldn't let most of them
> near an item of infrastructure.

I'm quite concerned about the narrow focus of some computer security professionals I've been encountering lately. I hope they aren't indicative of a general trend.

In particular they seem to be confusing "security" with "confidentiality" and forgetting the other two principles of the modern security triad. In particular, when you make a system harder to access you may be negatively impacting availability and _reducing_ the security of the system, rather than increasing it.

FWIW maintaining system confidentiality at the expense of availability is easy - cut all network connections (with scissors), power the systems down and encase them in concrete. Great confidentiality (and integrity) but availability is zero. The challenge of security is to balance competing demands. That's why it is hard.

It's worth noting that even outside of the computing arena the term security means more than just confidentiality. Consider the term 'food security'. This concept is about maintaining availability and integrity of food supplies.

FWIW I studied cryptography at Uni two decades ago and I've worked in the security arena for my entire professional life but have not made it a specific focus. My view is that security should be part of any work done within IT/ICT or computer science.

To some extent I'm concerned that "security theatre" has got out of hand with a lot of half-knowledgeable people over-selling simplistic solutions to the unknowing.

Oh dear, that makes me sound jaded, doesn't it :)

Cheers,

Rob

--
Email: rob...@timetraveller.org
Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.pracops.com
Director, Software in the Public Interest (http://spi-inc.org/)
Information is a gas

_______________________________________________
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link