Search Magpie

Tuesday, September 21, 2010

Is Security being too narrowly defined?



According to the COBIT model, keeping your systems secure is not just about keeping the bad guys out, but about keeping the business running efficiently in the process (amongst other things). From the Risks Digest, a reader contributes:
The discussion about overly complex password rules reminds me of sage advice that Digital once published in a VAX security manual. I'll paraphrase: The definition of security must be broad. Security aims to see that authorized users, and only authorized users, succeed in doing their jobs. The modern definition of computer security seems much narrower. It focuses on preventing unauthorized uses, and malware. If security procedures hinder authorized users from doing their jobs, security still succeeds under the narrow definition, but fails under Digital's broader definition. An onerous password policy is a form of denial of service attack. Might things improve if we made security people responsible for productivity of the good guys as well as denial of the bad guys?
Link: A Strong Password Isn't the Strongest Security
