To beat the bear

In May 2005 I wrote about the security analogy of the bear: two guys, one of whom stops to put on running shoes. It's "good enough security": I don't have to outrun the bear, I just have to outrun you. I opined that good enough security is only good enough when your security exists only so you can check off a requirement with a regulatory agency. In reality, targeted attacks destroy "good enough" security. What if the bear doesn't care about your slower friend? What about when it's personal?

In the June 2006 issue of SC Magazine, the opening editorial makes use of this analogy and makes the point that good enough security doesn't work against internal attacks either. They would argue that the main defenses are policies such as job rotation, separation of duties and rotation of duties.

About this Entry

This page contains a single entry by Roger published on June 16, 2006 10:00 PM.
