Is 100% Security Possible?

  • Comments posted to this topic are about the item Is 100% Security Possible?

  • And yet we rush to the cloud, increasing our attack surface to an unimaginable degree.

    The basic problem is twofold. One, the whole problem is far too complex. Developers pile complex systems higher and deeper and laugh madly at the tangle, rushing blindly to pile even more systems into the mix that were never designed to work together. At the same time ignoring the fact that even one flaw can destroy the whole thing.

    Kind of like the pressure hull on a submarine, really.

    Second, NO ONE knows how security works. Or, more precisely, we have no idea how to implement security in a simple manner. In security complexity is lethal. It's far easier to secure a single locked room than it is an entire city.

    We cannot solve the current security Gordian knot. We have forgotten KISS and until we fundamentally change our approach we never will.

     

  • Unfortunately, I see a fair number of people not wanting to automate processes. 🙁

    Kindest Regards, Rod Connect with me on LinkedIn.

  • roger.plowman wrote:

    And yet we rush to the cloud, increasing our attack surface to an unimaginable degree.

    Second, NO ONE knows how security works. Or, more precisely, we have no idea how to implement security in a simple manner. In security complexity is lethal. It's far easier to secure a single locked room than it is an entire city.

    On the farm, we kept livestock in enclosed fields with a single gate that could be opened and closed.  When we wanted to move some of the livestock from one field to the other, we opened the gate, drove only the selected ones through, and closed the gate.  When we were finished working with the few, we opened the gate, drove them back in with the others, and closed the gate again.

    Rick
    Disaster Recovery = Backup ( Backup ( Your Backup ) )

  • No, currently it is not possible to achieve perfect security.

    The current state of the art in information security is to grab some existing mathematical, technical or bureaucratic method to fix the issues we already have burning and at large.

    There is no structured theory of information security. The whole area touches too important philosophical questions to be structured, described and sorted out easily.

    For example, authentication is literally checking that the user who knocks on the door is the one, by validating something that he has, knows or is! I guess humanity as a whole is not ready to answer any of these questions with absolute and formally validated confidence, yet. Many managed IT service companies in NJ provide robust security, but there are always chances of errors everywhere.

     

  • Nonsense - there's always a way to achieve perfect security.

    Step 1: Collect all electronic devices. Lay them out on a flat hard surface.

    Step 2: Go outside and find the largest, heaviest rock you can find. If you can't find a rock, any hammer or sledgehammer will do...

    Step 3: Watch Office Space...

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Security is getting better; attacks are getting more creative and complex.

    Once we get rid of all these simple attacks, and many of them are simple and easily preventable, it will remain to be seen how hard it is to secure things.

    I just wish more companies that had RCA retrospectives would publish details that help us learn to be better.

     
