
RE: RFC 2527 Physical Security Controls Question

in the commercial world ... it is almost always a cost/benefit trade-off ...
there are both penetration exploits and denial-of-service exploits.

a financial operation might have assets where management operations yield a
couple billion a day. if the operation of the infrastructure is dependent on
security features ... then crippling the security infrastructure might disable
the ability to perform financial management transactions and result in
significant losses for the duration of the security infrastructure outage.

theft because of security problems not only may put reputation at risk, but may
represent a problem in any court and/or litigation. litigating theft of
trade-secrets valued at several billion can be put at risk if security
procedures aren't proportional to the value of the trade-secret (it was
explained to me as analogous to not having a fence around a swimming pool and being
liable if somebody fell in ... leaving something with a value of several billion out in the open,
of course somebody will steal it ... and it won't really be their fault).
a claimed value of several billion for trade-secrets may necessitate demonstrating
security procedures valued at tens of millions or more ... that have no
obvious/known weakness (the bigger the value, the higher the fence).