On 13/07/13 09:43 AM, Noon Silk wrote:
So what should everyone do?
Risk analysis. Which starts with your business model.
What you do is go talk to your customers and figure out what happens to
them. Formally, you would figure out the frequency of these events, and
multiply them by the damages. Order them that way. Concentrate on the
top one first, munch your way down the list.
If you do this, in ordinary business, you will find that the NSA isn't
even on the list, unless for some reason you targetted some space that
they also targetted [0].
<advert> E.g, in my current business I'm dealing with savings for v.
poor women in Africa. The threats that are hitting them are shakedowns
by police, government, scammers, banks, merchants, each other, family,
and self, not necessarily in the order we westerners expect. Sometimes
with violence. So those are the things I'm building the system to
protect against, which of course takes some cryptography to preserve and
lock down assets rather than hide them, mixed with a lot of other
things... your classic old 1990s CIA models aren't going to help a lot
here. </>
iang
[0] jihadist websites, CAs and chat systems for Americans spring to mind.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
