Charles wrote: >When I was doing security presentations as part of my job one of the >"controversies" I ran into was that the supposed percentage of insider >attacks is all over the place. I used to see 85% in one set of >statistics and nearly zero in others. I have no independent knowledge.
My point is that most insider attacks are not going to also exploit some cross-LPAR weakness: they're going to exploit some access. And if you have access, then data set encryption doesn't add any security. Again, Swiss cheese--it's not zero added value, just IMHO relatively minor. The insider attack is both better and worse than the external attack: better because they're presumably more quick and opportunistic--insiders would be less likely to hammer away at something for months trying to find a way in, I expect; worse because they're likely more targeted--the insider has a higher probability of knowing where the crown jewels are. Data set encryption has its place and adds some value. What I resist is the all-too-common "We encrypted some data sets, so now we're safe". No, what you've done is added a SMALL amount of additional protection. All that data is in the clear whenever it's used, and that represents significant risk. If you can work with it in its protected state, that risk is dramatically reduced. >I see it as a real possibility: >"It's only a sandbox system, so we pretty much give developers >whatever access they say they need." Ibid. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
