[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How efficient is mounting /usr ro?

On Sun, Oct 19, 2003 at 12:57:53PM +0200, Javier Fernández-Sanguino Peña wrote:

> On Sat, Oct 18, 2003 at 02:03:20AM -0400, Matt Zimmerman wrote:
> > >     * Availability - ensuring that authorized users have access to
> > >       information and associated assets when required.
> > 
> > ISO, I'm afraid, does not document either English or Information Technology.
> Its funny, because ISO-17799 is just copy & paste from BS-7799, which is a
> British standard and does document Information Techology security.  Not
> only the UK, but also the US is "strongly in favor" of this ISO standard,
> as the NIST itself declares [1]
> Moreover, is the standard used to define security policies in companies all
> over the world. So, I'm afraid, IMHO it does document IT security pretty
> well.

I don't care what security bible is quoted.  Just because this document says
that "Availability" is a component of "Information Security" doesn't mean
that every action which improves availability is a security measure.  To
stand behind such a simple-minded interpretation is ridiculous.

An action which prevents a potential attacker from crashing the system
improves availability in a security context.

An action which makes the system more stable or maintainable might also
improve availability, but has nothing to do with security.

Can we wrap this up now?  It's getting very, very stupid.

> Correct, but that precise definition of "security" is the one upholded by
> many security practicioners (for god's sake, it's even part of most
> security-related certifications and graduate/postgraduate courses!).

Academics, certification companies and other such entities often have
difficulty relating to actual practice.  But in this case, I think it's more
likely that you are misinterpreting the text.

 - mdz

Reply to: