Re: How efficient is mounting /usr ro?
On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:
> Matt Zimmerman wrote:
> > > Information Security - As defined by ISO-17799, information security is
> > > characterized as the preservation of:
> > > [...]
> > > * Availability - ensuring that authorized users have access to
> > > information and associated assets when required.
> >
> > ISO, I'm afraid, does not document either English or Information Technology.
> > They are free to define terms however they like ....
>
> [...]
> Preventing successful denial-of-service attacks preserves the availability
> of your information.
>
> So how are those definitions invalid?

I didn't say they were invalid; in fact, I defended ISO's right to use
whatever definitions they please. However, they won't necessarily
correspond to reality, where "availability" is not a component of
"information security", except insofar as good security prevents someone
from actively attacking your system's availability (i.e., a DoS). This is
probably what ISO meant, though I'm not at all interested in purchasing a
copy of the relevant standard to find out.

This means that things like a UPS are not "information security" measures,
nor are good system administration practices which might serve to improve
overall system availability.
--
- mdz