Daniel E. Geer
Abstract
Security people are never in charge unless an acute embarrassment has occurred. Otherwise, their advice is tempered by “economic reality,” which is to say that security is a means, not an end. This is as it should be. Since means are about tradeoffs, security is about trade-offs, but you knew all that. Our tradeoff decisions can be hard to make, and these hard-to-make decisions come in two varieties. One type occurs when the uncertainty of the alternatives is so great that they can’t be sorted in terms of probable effect. As such, other factors such as familiarity or convenience will drive the decision. This, too, is as it should be.
- Costs of Information Assurance. 2002. National Center for Manufacturing Sciences (August); http://trust.ncms.org/pdf/CostInfoAssur-NCMS.pdf.Google Scholar
- Borge, D. 2001. The Book of Risk. John Wiley & Sons.Google Scholar
- Gorman, S.P., Kulkarni, R., Schintler, L., Stough, R. 2004. Is Microsoft a threat to national security? The effect of technology monocultures on critical infrastructure. George Mason University, Infrastructure Mapping Project working paper; http://policy.gmu.edu/imp/research/Microsoft_Threat.pdf. (Full discussion of these results is outside the scope of this essay.)Google Scholar
- Myneni, R.B., et al. 2007. Large seasonal swings in leaf area of Amazon rain forests. Proceedings of the National Academy of Sciences 104(12): 4820-4823.Google ScholarCross Ref
- Holldobler, B., Wilson, E.O. 1990. The Ants. Cambridge, MA: Harvard University Press.Google Scholar
- Seeley, T.D., and Tarpy, D.R. 2007. Queen promiscuity lowers disease within honeybee colonies. Proceedings of the Royal Society of London 274: 67-72.Google ScholarCross Ref
- Wassenaar, T.M., Blaser, M.J. 2002. Contagion on the Internet. Journal of Emerging Infectious Diseases 8(3).Google ScholarCross Ref
- Jones, J.C., Myerscough, M.R., Graham, S., Oldroyd, B.P. 2004. Honeybee nest thermoregulation: Diversity promotes stability. Science 305(5682): 402-404.Google ScholarCross Ref
Index Terms
- The Evolution of Security: What can nature tell us about how best to manage our risks?
Recommendations
Labeling-in Security
Using exams to create labels for our workforce might sound like a way to get more trustworthy systems, but it's not. If it walks like a duck, quacks like a duck, and looks like a duck, then there's good reason to believe that it's a duck. But you don't ...
Composing Security Metrics
Security ProtocolsI have to apologise that, having been asked to set the pace, I have done something inadvertently terrible: I have prepared a presentation and a paper that's approximately in keeping with the theme of the workshop; that is entirely an accident, I have ...
From security protocols to systems security
Proceedings of the 11th international conference on Security ProtocolsPekka Nikander: Do you have any feeling for how much of this system you can model?
Reply: It's a moveable feast: you can choose the boundary. But if you don't have any boundary at all then I don't think you've got enough context...you need to talk about ...
Comments