Anton J Aylward <anton@the-wire.com> writes about trading cost of loss
against cost of security:
> Visualize a graph if you will, two curves: A/x and B-(C/x). One curve
> is the value of what you want to protect, the other is what you are
> spending on protecting. You're plotting cost of security vs exposure.
> Somewhere the curves cross, your cost of risk and your cost of
> protection are in balance.
Just to share a different point of view, I find it impossible to talk
intelligently about only two axes. You need a third axis which shows
operational needs/capabilities.
The best analogy is physical security. You can always put your
valuables in a box and embed it in a thick covering of concrete. This
produces strong certainty regarding the physical location of your
valuables but reduces their usability. Once you put a door in the box
you're trading accessibility against risk of loss. At the far end you
have a store open to the public -- yes, you get ripped off regularly,
but you treat it as a cost of doing business. The "security measures"
you take are activities that minimize losses and recoup their costs.
The tradeoff isn't risk against security costs, it's both against
operational needs.
After the Gulf War the defense establishment here decided they
couldn't wait for trusted OSes on everyone's desktop before hooking
Internet e-mail to a classified network. They decided the risk of
desktop subversion was acceptable in exchange for the benefits of
network connectivity. So, they increased their exposure to attack at
the same time the threat was growing. They traded off the increased
risks against increased operational capabilities. Clausewitz could
have predicted it.
Rick.
smith@sctc.com    Secure Computing Corporation