Like we really needed this.

Hacker’s Blog

January 30, 2006

Technology Change

Technology change very often brings new security risks. That should be obvious, especially in the 21st century, but apparently it is not. Security is almost never overdone, and an excess of controls is not the problem. The problem is that when the technology changes, the assumptions that were used to validate the security of the system are no longer valid themselves. With change comes the need to re-evaluate the security controls and risk mitigations to determine whether they are in fact still effective, not merely still running. Without some serious defense in depth, it doesn't take much change to open new holes.

Currently the biggest problem in information security is that we do not have well-adopted, standard ways of describing security controls and their dependencies, so re-validating a security system is an onerous, largely manual task. There are some things we can do:

1) Use standards like ITU-T X.805 to analyze systems and describe security controls and their dependencies. {More to come}

2) Develop machine-parsable (XML) standards for describing what we do, so that machines can help make sense of the information overload. {More to come}
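As an added illustration of the second point, here is a small Python script written for this page (it is not code from the original post, and it does not implement X.805 or any real schema). It reads a machine-parsable description of security controls, the assumptions each one rests on, and control-to-control dependencies, and then answers the question the first paragraph raises: once a technology change invalidates an assumption, which controls have to be re-evaluated? It also flags dependencies on assumptions nobody wrote down, which is exactly the state the post complains about. The XML format, the system, and every assumption and control identifier are invented for the example.

```python
"""Re-validate security controls after a technology change.

Controls, the assumptions they rest on, and control-to-control dependencies
are described in a small XML format invented for this example (hypothetical;
not X.805 and not any standard schema). When a change invalidates an
assumption, every control that depends on it, directly or through another
control, is flagged for re-evaluation.
"""
import xml.etree.ElementTree as ET
from collections import deque

# Constructed sample model: a hypothetical system with invented identifiers.
SAMPLE_XML = """\
<security-model>
  <assumptions>
    <assumption id="lan-only">Only hosts on the wired LAN can reach the database port</assumption>
    <assumption id="single-tenant">Each server runs exactly one customer's workload</assumption>
    <assumption id="mgmt-vlan-isolated">Management traffic never leaves the management VLAN</assumption>
  </assumptions>
  <controls>
    <control id="db-no-auth">
      <mitigates>unauthorized database access</mitigates>
      <depends-on assumption="lan-only"/>
    </control>
    <control id="host-firewall">
      <mitigates>lateral movement between workloads</mitigates>
      <depends-on assumption="single-tenant"/>
    </control>
    <control id="backup-over-nfs">
      <mitigates>backup tampering</mitigates>
      <depends-on control="host-firewall"/>
    </control>
    <control id="snmpv2-monitoring">
      <mitigates>undetected device failure</mitigates>
      <depends-on assumption="mgmt-vlan-isolated"/>
    </control>
  </controls>
</security-model>
"""


def load_model(xml_text):
    """Parse the model into {assumption_id: text} and
    {control_id: {"mitigates": str, "assumptions": set, "controls": set}}."""
    root = ET.fromstring(xml_text)
    assumptions = {a.get("id"): (a.text or "").strip() for a in root.iter("assumption")}
    controls = {}
    for c in root.iter("control"):
        deps = list(c.iter("depends-on"))
        controls[c.get("id")] = {
            "mitigates": (c.findtext("mitigates") or "").strip(),
            "assumptions": {d.get("assumption") for d in deps if d.get("assumption")},
            "controls": {d.get("control") for d in deps if d.get("control")},
        }
    return assumptions, controls


def dangling_references(assumptions, controls):
    """Dependencies on assumptions or controls that were never declared.
    These are the undocumented assumptions: the system cannot be
    re-validated until they are written down."""
    missing = set()
    for cid, c in controls.items():
        missing |= {(cid, "assumption", a) for a in c["assumptions"] if a not in assumptions}
        missing |= {(cid, "control", d) for d in c["controls"] if d not in controls}
    return missing


def controls_to_revalidate(controls, invalidated_assumptions):
    """Control ids that need re-evaluation once the given assumptions stop
    holding, following control-to-control dependencies transitively."""
    invalid = set(invalidated_assumptions)
    affected = {cid for cid, c in controls.items() if c["assumptions"] & invalid}
    queue = deque(affected)
    while queue:
        done = queue.popleft()
        for cid, c in controls.items():
            if done in c["controls"] and cid not in affected:
                affected.add(cid)
                queue.append(cid)
    return affected


def change_report(xml_text, change_description, invalidated_assumptions):
    """Lines describing what a technology change puts back on the table."""
    assumptions, controls = load_model(xml_text)
    unknown = set(invalidated_assumptions) - set(assumptions)
    if unknown:
        raise ValueError(f"change names undeclared assumptions: {sorted(unknown)}")
    lines = [f"Change: {change_description}"]
    for cid in sorted(controls_to_revalidate(controls, invalidated_assumptions)):
        lines.append(f"  re-validate {cid}: it mitigates '{controls[cid]['mitigates']}'")
    return lines


if __name__ == "__main__":
    # Two hypothetical changes: wireless access points on the LAN, and
    # consolidating servers onto virtual machines.
    for line in change_report(SAMPLE_XML, "wireless access points added to the LAN", ["lan-only"]):
        print(line)
    for line in change_report(SAMPLE_XML, "servers consolidated onto shared VM hosts", ["single-tenant"]):
        print(line)
```

The point of the dependency edges is that the second change flags `backup-over-nfs` even though it never mentions tenancy: it relied on the host firewall, which relied on single tenancy. That transitive step is what gets lost when controls are re-validated from memory instead of from a written model.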

