An open approach to security

Page history last edited by PBworks 18 years ago


 

 

Abstract

 

 

Security at its bare minimum can be boiled down to preserving the CIA triad: Confidentiality, making sure that unauthorised personnel do not have access to the resource; Integrity, that unauthorised personnel cannot modify the resource; and Availability, that the resource is always available to those having proper access. Decision making becomes more difficult when one is presented with innumerable choices. To make an informed decision is not only the duty of a security implementer, but a prerequisite for any efficient security mechanism. The only parameter that separates a "successful break" into a system from a "not-yet-successful" attempt is TIME. No matter how effectively the security is implemented, the system is still "potentially breakable". But often this is not what happens in practice. Most break-ins occur not due to the "potentially breakable" factor, but because the security configurations and policies are not effectively implemented. This paper will help shed some light on an "open" approach to implementing security policies and configurations.

 

 

Introduction

 

In school, I am sure all of us must have had the temptation to cheat on the exam paper. There were many effective methods; the one I prefer, and I'll bet the most effective, was to simply have your text/notebook under the desk and replicate it as elegantly as possible, intentionally leaving human errors to avoid suspicion. Now, those tests relied on a false sense of "security". The questions were set such that the test believed in "obscurity". As long as students were obscured from viewing the answer in the book, the test would succeed in its objective. Of course you can pack exam halls with CCTVs and other monitors to deter most "potential" cheats. But we all know quite well, it's still "cheatable". It comes as no surprise really that the toughest exams were, however, the "open book" counterparts. An open book exam doesn't rely on "security" through obscuring the student from seeing the answer. The major difference is that the student has to "apply" his knowledge and not just "acquire" it (from the textbook). So right from school days we all know that security through obscurity is an "inferior" choice to an open approach.

 

 

 

Security?? Is it all technical??

 

The short answer is a big NO. Security cannot be just a technical issue. If you have to prevent a "potential" employee from getting recruited because he is a "suspected" spy from a rival company, whom would you approach? The ISO or the HR manager? In the same vein, it would be very difficult to implement security decisions without a proper management policy. In fact, the most significant feature of a modern security approach is the importance it gives to "security policies" over individual "security decisions". The trend has been toward framing a general company-wide policy as a security solution, rather than just providing the technical patch. Looking at a problem as common as a virus outbreak, there can be many approaches: you can either recommend a particular brand of anti-virus and train the employees to use it, or you could couple it with a policy of making sure that no employee brings in any data from outside or takes any data outside on a medium not tested by the security personnel. The latter response would be considered more complete and accepted.
