On Fri, 8 Jun 2001, Kenneth E. Lussier wrote:
> They also take a fuller view of what "secure" means than most. They
> haven't just created a system that can't be broken into. They have taken
> into account things like back-ups, physical access security, etc.
Indeed. When I was working with the Air Force, I learned that their IA
(Information Assurance, what they're calling Information Security now) concept
is designed to assure four things:
- Availability (you can get to it when you want to)
- Integrity (you get in what you get out)
- Confidentiality (other people cannot get to it)
- Authenticity (you know who put it in or got it out)
Of these, only the last two are typically considered to be "security" by
many people. However, if you think about it, the last two are completely
useless without the first two. Security is a lot more than passwords and a
firewall. It is a UPS and backups, too. And a million other things. Of
course, most of all, it is a process, not a product [1].
Footnotes
---------
[1] See _Secrets and Lies_, Bruce Schneier, Wiley.
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
