1998-02-19-22:45:20 Larry Kwiat:
> >From our discussion, I wonder if you'd admit to having learned anything
> >from anyone.
Maybe not from you, probably not from anyone who would waste time on the
CISSP, but from people who know more than me about computer security,
yes, of course, that's the only way to try to stay up to date in this
> > [ re off-site contingency facilities and their security ]
> > <snip> The access needs are far slimmer, so the security
> >can be cranked down way tighter for a given level of cost and user
> I don't agree. In many ways, an "exported tech. solution" is much harder to
> manage well as a security item than one onsite and owned.
What do you mean ``exported tech. solution''? It's a site that we set up
and administer, to which we have physical and network access, with
stricter physical security than our normal office, in-house WAN access
to other offices, and the exact same dialup access w/ security control
as our main site. We set it up, we run it, just the same way we run our
main site --- but since far less access is needed it can enjoy better
physical security, and the comms security is the same.
> Access needs are only a small part of the picture.
Again, what do you mean?
Computer security is a three-way tradeoff. Security, cost, and access
convenience. Reduce the demand for access convenience and you can
increase security for the same cost in $$$ and manpower, it's quite
> I'm afraid that about does it for me. I have other things to do than engage
> in this. Best of luck in your career.
Oops, by all means ignore this reply, didn't know you were leaving when
I started reading your note. Bye!