“Your security policy may or may not involve politeness.”
-- Michael W. Lucas, “Absolute OpenBSD: UNIX for the Practical Paranoid”
I could easily have said the same thing myself in any number of conversations, but it was while I was referring to this book in the course of configuring a new firewall that I realized it was just the perfect way to say it.
This statement illuminates what I consider to be one of the biggest issues facing the adoption and deployment of secure computing systems: that security policy is a business decision, and that the role of the applications that comprise the system is to enforce that policy, not set it.
Copyright © 2007, 2008, 2009 T. R. Burghart. All Rights Reserved.