
Zarf's Journal: Convenience To Security Scale
I was thinking about a few things... we're doing a kind of security system audit at work and I've come up with a few koans about it:
Convenience is inversely proportional to Security.
The more secure something is the more inconvenient it is.
The easiest security system to use is one that doesn't exist.
In one measure the goal of security is to make things hard for people. Specifically, it should make things extremely hard for Bad People (tm) and not too hard for Good People (tm).
So to that effect I've created the Convenience to Security Scale (patent pending).
On a scale from 1 to 10, a system that rates a 1 has no security whatsoever and is (presumably) very easy to use. And a system that rates a 10 is perfectly secure because it is completely inaccessible. The goal is to judge where on the scale your system needs to be.
This model works even for insecure and frequently crashing programs since the frequent crashes are viewed (in this model) as a security feature preventing attackers from using the service. So making the program more stable and thereby more useable makes it more attackable... lowering its rating on the scale. A program that can't execute is perfectly secure since it can never be attacked.
The "secure" in this model is also referring to the protection of information... no "secret" information is divulged by the program. So a program that can't produce output is perfectly secure... it is also perfectly unusable.
It's a circle (Score:2)
Re:It's a circle (Score:2)
Uh, I guess it's like dividing by zero.
The trick (Score:2)
Re:The trick (Score:2)
Shameless comment (Score:2)
This model works even for insecure and frequently crashing programs since the frequent crashes are viewed (in this model) as a security feature preventing attackers from using the service. So making the program more stable and thereby more useable makes it more attackable... lowering its rating on the scale. A program that can't execute is perfectly secure since it can never be attacked.
Where, then, on the scale does Windows fit with i
Re:Shameless comment (Score:2)
It seems to me you've illustrated a paradox. Perhaps it's so obvious, I shouldn't have even brought it up.
That would be the point. Having to reboot every 14 days or not being able to handle a heavy load could actually be seen as a security device. While I was in Germany I would hear US Army radio... they had a PSA that said, "Click it, Flick it, and Stick it to the Hackers!" Shutting your computer down at night was seen as a security f