Use of supposedly unique biological characteristics as a supposedly reliable
method of identifying people.
A system boundary or barrier that permits or denies access, depending on
the identity of the source/destination of a message or transaction.
Normally doesn't deal with content.
A supposedly secure space, protected by barriers such as firewalls.
A role associated with an attitude or state. An attitude or state
associated with a defensive role or position.
Pretending to be someone else. Identity theft.
Infererence Control means preventing unauthorized people from using intelligent
seaches and enquiries to penetrate confidentiality or privacy.
A local, temporary fix to a larger problem. People attach nicotine
patches to their arms, and leather patches to their sleeves.
Among other things, software patches are applied to close security loopholes
in systems. There are at least four problems with this:
||People Don't Apply Patches
||Users and administrators are overwhelmed with patches, and they simply
don't apply them.
||Developers Forget Patches
||New versions of software may restore the loophole, because the patch
has been forgotten.
||The patches themselves may be flawed - either failing to close the
loophole properly, or introducing further problems and side-effects.
||Multiple patches may interact in unpredictable ways - especially if
the sequence of applying the patches is important.
In broader intervention however, the question isn't whether patches
work, but whether we have any other choice. Any finite and manageable
intervention into a large complex system is necessarily a patch - at least
from some perspective. Although our fantasies and plans may be more
grandiose, we can only make real changes in patches (components).
The challenge is to weave many patches (components) together into a
coherent fabric (system). This is where we need an organic
approach - something akin to Christopher Alexander.
"Privacy is something we should all get over having lost." [Scott McNealy,
Sun Microsystems CEO]
In an electronic age, many secrets are provisional, contingent. Something
you had long forgotten - a past indiscretion, a false rumour - can be posted
on the Internet and disseminated around the world.
If you want to be elected to public office, or marry a Norwegian prince,
you apparently have to accept this as a matter of routine - for your nearest
and dearest as well as for yourself.
Paper records in dusty offices may be hard to access, and therefore
"practically obscure". But these records are still public, and therefore
vulnerable to sudden broadcast, if someone chooses to turn a searchlight
|security as fence
||Security is a container. It keeps
the good stuff in and the bad stuff out.
|security as game
||Security is a battle between attackers and defenders.
Attackers try to navigating a complex (and changing) space, where each
place or state gives you access to certain other places or states, and
visibility of some further places or states not directly accessible.
Defenders try to detect intrusion, close off as many access points as possible,
set traps, and keep changing the configuration of the space. This is a
of conceiving security.
|security as landscape
||Security involves a complex terrain, where some points
are (or appear) more attractive or vulnerable than others - to a range
of diverse stakeholders. Security involves a balance of risk and reward.
A property of a system or relationship based on expectations of reasonable
and fair behaviour.
|Veryard Project Papers
Dealing with a serious threat by creating and injecting (or disseminating)
a feeble and attenuated version of it.
Someone sent me a notice about a conference called The Joy of Work -
about management and spirituality. My heart sank at the thought of
all those earnest and jovial people, waffling knowingly about spirituality
in a five-star hotel at some fancy Mexican resort. (Nice work if you can
get it, though.)
Such conferences are packaged to make them as undangerous as possible.
Business is a complex self-healing system, perfectly capable of neutralizing
any really dangerous ideas, including spiritual ones. Let's send a few
maverick middle managers off to Mexico to be vaccinated - infused with
a weak and warm teabag spirituality - so that they will become immune to
the real thing. They can then return to their organizations and spout pseudo-spiritual
jargon, which in turn increases the resistance to dangerous ideas within
Vaccination works by educating and exercising the immune system. A network
security manager might try and persuade staff NOT to open weird email attachments
by disseminating an extremely weak software virus -- perhaps one that does
something mildly annoying and embarrassing -- Code Pale Pink perhaps.
Authority to perform certain security-charged acts, granted by an independent
body (such as a magistrate).
This page last updated on June 9th, 2004
Copyright © 2001-2004 Veryard Projects Ltd
in asssociation with