12Oct2009 (UTC +8) On Mon, Oct 12, 2009 at 19:07, Oscar Plameras <[email protected]> wrote: > Horses for courses. Military security is not comparable to a system that is > "Count and Tabulate.
Why not? If our AFP's J8 uses an OpenOffice spreadsheet to assign which of their assigned troops would go to which bed in their barracks, why should it be expected to be more secure than the COMELEC AES? What I'm saying is, that the security features of an IT product should be commensurate with the threats it is expected to protect against. And given the criticality of the function or the business value of an IT product, the more rigorous and detailed the assurance requirements should be. Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA http://www.laggui.com ( Singapore / Manila / California ) Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
