-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Humans are stupid.
Engineer around that. :-)

- - ferg

On Sun, Aug 16, 2009 at 10:03 PM, Ali, Saqib <[email protected]> wrote:

>
> The traditional (draconian??) e-security departments are having a
> field day with all the media buzz on insecurity of the cloud
> computing. They are missing the big picture.
>
> Risk management is important. However what I am seeing right now is
> that most traditional e-security dept are just concentrating on
> the Vulnerability component of the Risk equation:
>
> Total risk = Threat X Vulnerability X Asset value
> Residual risk = Total risk - Countermeasures
>
> They are completely leaving out the "likelihood of an event happening"
> from their analysis.
>
> Countermeasures are put in place to reduce the likelihood of an event,
> which minimizes the overall residual risk.
>
> In the words of Professor David Deutsch, "Problems are Soluble.
> Problems are inevitable"
>
> No amount of precautions can avoid problems that we do not yet
> foresee. Hence we need an attitude of problem fixing, not just problem
> "avoidance". An ounce of prevention equals a pound of cure, but that’s
> only if we know what to "prevent". If you’ve been punched on the nose,
> then the science of medicine does not consist of teaching you how to
> avoid punches. If medical science stopped seeking cures and
> concentrated on prevention only, then it would achieve very little of
> either.
>
> The traditional Enterprise IT world is buzzing at the moment with
> plans on how to stop Cloud Computing from entering into the workplace.
> It ought to be buzzing with plans to reduce the security and privacy
> risks associated with Cloud Computing and improve data-portability and
> forensic capabilities. And not at all costs, but efficiently and
> cheaply. And some such plans exist, host-proof hosting[1], for
> example.
>
> With problems that we are not aware of yet, the ability to put right -
> not the sheer good luck of avoiding indefinitely - is our only hope,
> not just of solving problems, but of making technological progress.
>
> (the above is based on a talk by Professor David Deutsch on problem
> avoidance)
>
> 1. http://en.wikipedia.org/wiki/Host-proof_hosting

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKiPJfq1pz9mNUZTMRArU3AKDB+x/BWBiV/8fNkywU2Anpio8obACfYEtN
Y5qYjpE4xArfhAdfzEIUOfk=
=g9Z/
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
