Creating a secure system can be a difficult and elusive objective. The moment you think you’re finished, you’ve opened yourself up to an attack. People who are aware that they can never be completely secure are more likely to be vigilant, thus increasing their awareness and attention to security issues. For instance, a flight crew who believes the airport security checks guarantee everyone on the plane can be trusted will have a false sense of security. Someone could pose as a food service employee and board the plane, entirely bypassing the security system. Even if an organization were to spend all of its resources on security, there would still be a potential for failure and since no one can afford to do that, failure is inevitable. The question to ask is how, not if, your security will fail. Being aware of the limitations and introducing graceful ways of failing can significantly reduce the impact of attacks. Failing gracefully means having multiple backup plans or ways to mitigate the damage that can be caused by an intruder. A system that has been designed to fail gracefully will at least be able to contain the attack, and might even be able to prevent it entirely.
Absolutely right. But, wait…aren’t you FEAR-MONGERING, to gain support for your job!? Shouldn’t you appease the security threat people by saying nice things to them and not annhiliating their program hacks?!
Heh. It certainly wasn’t my intention to incite fear to gain support. It’s mainly to point out that failures are going to happen so we have to take a look at what happens when something fails. If it fails badly, that’s an area that needs to improve.
Absolutely. Sorry the tongue-in-cheek tone didn’t translate very well…I meant that in a completely satirical manner!!
Aha! I’ll have to pay more attention next time ;)
hello, i am writting from poland, its very interesting site, it was nice to see it :)