topic Re: Hey, reply to CISSP questions, and I can reply-via-email ... in Industry News

Efficiency, redundancy, and security

rslade — Wed, 15 Jul 2020 18:07:02 GMT

For three decades now, I have had a feeling that our constant (business) pursuit of efficiency was going to turn around and bite us at some point. (In the press of other events and research, I haven't been able to study it as thoroughly as I would have liked to.)

Well, now, Bruce Schneier (it would be Bruce, wouldn't it?) has pointed out that the CoVID-19 pandemic has amply demonstrated that efficiency is bad for security.

Initially, and specifically, efficiency eliminates redundancy, and efficiency is therefore at odds with business continuity planning. (As we tend to say in security, a redundant backup is not redundant when you need it.) Our pursuit of efficiency, and our elimination of margins in pursuit of immediate profits, has created extremely brittle systems and supply chains. It has taken a global crisis to point out the danger. Unfortunately, it has put us, globally, in a business situation facing massive debt, which will take at least a decade (at best) to climb out of, and which a great many businesses will not survive.

It is possible that the failure of so many enterprises will force business management and economics to re-evaluate our devotion to efficiency and unrestrained capitalism as the only guiding principle for business. One can hope, but I do rather fear the old adage that history teaches us that history teaches us nothing.

Re: Efficiency, redundancy, and security

CraginS — Wed, 15 Jul 2020 21:48:12 GMT

We have recognized these problems for decades. Remember 20 years ago, when Mac and *-ix proponents were begging their enterprise deciders-in-chief to embrace not only redundancy, but diverse redundancy. They were making the case that the All-Micro$oft environments pushed for the sake of financial and service support efficiencies pretty much guaranteed total disaster when the crunchy out shell of a network was broken by a single example of M$-specific malware.

Craig

Re: Hey, reply to CISSP questions, and I can reply-via-email ...

rslade — Mon, 20 Jul 2020 17:56:15 GMT

OK, this is pretty weird.

Even though my account is dead, a) I'm still getting subscrriptions, and b) "reply-
via-email" still seems to work.

So, if any of you lot want to go into "CISSP questions," and, every few days, post
*any*thing (even just, "hey, how about another CISSP question?"), it seems I'll
get it, and can reply to it with another question posting.

(Reply-via-email" only works once per posting, and it unreliable about a third of
the time, so, if you want more CISSP questions somebody will have to keep
posting there on a semi-regular basis.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
What is best in life? To crash your enemies, to see them core
dump before you and to hear the lamentations of their processes.
- Conan the IDS
- https://twitter.com/TheRealSpaf/status/444151205213003776
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413