
Re: How efficient is mounting /usr ro?



On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:

> Matt Zimmerman wrote:
> > > Information Security - As defined by ISO-17799, information security is
> > > characterized as the preservation of:
> > > [...]
> > >     * Availability - ensuring that authorized users have access to
> > >       information and associated assets when required.
> > 
> > ISO, I'm afraid, does not document either English or Information Technology.
> > They are free to define terms however they like ....
> 
> [...]
> Preventing successful denial-of-service attacks preserves the availability
> of your information.
> 
> So how are those definitions invalid?

I didn't say they were invalid; in fact, I defended ISO's right to use
whatever definitions they please.  However, they won't necessarily
correspond to reality, where "availability" is not a component of
"information security", except insofar as good security prevents someone
from actively attacking your system's availability (i.e., a DoS).  This is
probably what ISO meant, though I'm not at all interested in purchasing a
copy of the relevant standard to find out.

This means that things like a UPS are not "information security" measures,
nor are good system administration practices which might serve to improve
overall system availability.

-- 
 - mdz


