Re: How efficient is mounting /usr ro?
Matt Zimmerman wrote:
>
> On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:
>
> > Matt Zimmerman wrote:
> > > > Information Security - As defined by ISO-17799, information security is
> > > > characterized as the preservation of:
> > > > [...]
> > > > * Availability - ensuring that authorized users have access to
> > > > information and associated assets when required.
> > >
> > > ISO, I'm afraid, does not document either English or Information Technology.
> > > They are free to define terms however they like ....
> >
> > [...]
> > Preventing successful denial-of-service attacks preserves the availability
> > of your information.
> >
> > So how are those definitions invalid?
>
> I didn't say they were invalid;
You said that ISO's terms don't "document either English or Information
Technology" and now you say:
> However, they won't necessarily correspond to reality...
How do they not reflect reality?
> where "availability" is not a component of "information security",
Huh? The reason information security is so tricky is that availability
is a key part. If it only involved confidentiality, you could lock data
up in a vault, or throw it down a black hole (ignore recent physics
thought on preservation of information), and information security would
be easy to provide.
However, it is _not_ easy, and one reason is that it requires making
information available to the right people while keeping it secret and
protected from the wrong people.
So what is it that you're arguing about? That computer security in
general is not information security? If so, so what? That's why
ISO says "_information_" security instead of just "security."
Daniel
--
Daniel Barclay
dsb@smart.net