Talk:Information security: Difference between revisions

From Citizendium

Latest revision as of 19:03, 24 October 2008

Proper title?

Actually, I started out thinking I was going to call it "secure communication", in the sense of "what makes a communication secure". Communications security fell out from pure editing I was doing in cryptography.

Looking at this article, I'm wondering if "information security" is an even better title, perhaps reserving "communications security" for cipher#bulk encryption, spread spectrum/frequency agility, red-black engineering, protection against things like Operation RAFTER, etc.

Thoughts? Comments?

Howard C. Berkowitz 17:37, 9 August 2008 (CDT)

I prefer "information security" as a title for a top-level article. "communications security" excludes things like secure storage, "cryptography" excludes spread spectrum, and so on, but some of the concepts & techniques are common to all those. There needs to be one overview article that covers the more general issues and links down to various lower level articles. Of course, they should generally link up to it too. This article isn't there yet, but it is a fine start. Sandy Harris 13:39, 24 October 2008 (UTC)
I like "information security" as well. Maybe Fort Meade rotted my brain with too many repetitions of "information assurance", which sounds entirely too complacent. If it's still OK, I'll reuse that and do the metadata, being very careful the definition is general enough. Hopefully, I'll get to it today -- lot of mundane interruptions, so I grab a few minutes at the keyboard and then return to attending to cats. Howard C. Berkowitz 17:24, 24 October 2008 (UTC)

A quote

While looking for something else, I ran across this quote from Gene Spafford:

Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police.

Source [http://homes.cerias.purdue.edu/~spaf/quotes.html]. I'm not sure where this fits in, but it seemed worth dropping here for future reference. Sandy Harris 13:46, 24 October 2008 (UTC)

Also, among a large collection at [http://homes.cerias.purdue.edu/~tripunit/spaf-analogies.html]

Those of us in security are very much like heart doctors -- cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, and eat fried foods, and practice being couch potatoes until they have their infarction. Then they want a magic pill to make them better all at once, without the effort. And by the way, they claim loudly that their condition really isn't their fault -- it was genetics, or the tobacco companies, or McDonalds that was to blame. And they blame us for not taking better care of them. Does this sound familiar?

In acceptance speech for the NCSSA award at the 23rd NISSC in 2000

Sandy Harris 13:55, 24 October 2008 (UTC)

I am in hysterics, as you may not know that I've done a lot of work in cardiology. When I became active surrogate for my mother's care, I discovered her 350-pound, chain-smoking primary physician was a cardiologist who did primary care. As I remembered, I fired him on the spot, then read the chart notes and found every reason to have done so. It was a terminal situation anyway, but, to fit your example, he wouldn't listen to the oncologists or the pain specialists. Howard C. Berkowitz 17:22, 24 October 2008 (UTC)