Security Basics mailing list archives
Re: Was Re: RAID 5 drive replacement schedule - Now "Availability"
From: Adriel Desautels <adriel () netragard com>
Date: Mon, 23 Jun 2008 12:35:37 -0400
Mike,I do agree that coffee is a critical aspect of security and without it all other aspects of security fail. Therefore, the coffee machine is clearly the most business critical system with respect to its availability. An outage there could be catastrophic.
On a more serious note, I'd never ignore the availability aspect of security. I'd be ignorant if I did that.
Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC. Office : 617-934-0269 Mobile : 617-633-3821 http://www.linkedin.com/pub/1/118/a45 Join the Netragard, LLC. Linked In Group: http://www.linkedin.com/e/gis/48683/0B98E1705142 --------------------------------------------------------------- Netragard, LLC - http://www.netragard.com - "We make IT Safe" Penetration Testing, Vulnerability Assessments, Website Security Netragard Whitepaper Downloads: ------------------------------- Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know : http://tinyurl.com/26pjsn Mike Hale wrote:
"Is the horse dead yet?" Apparently not. :) It has some twitches left. You're correct on your writings about how companies deal with the availability issues, and that, for some systems, it's not an issue if they go down. But that is part of the risk acceptance process. Whether the system is up and running or not remains an issue of availability, which a comprehensive InfoSec plan should deal with. "In those non-harmful cases the issue falls under the responsibility of IT/Networking/Whatever you want to call it." You're absolutely right. Even when it does brings harm it can fall under the IT/Network side of things. But the security plan in place should address the availability of that resource, and either seek to protect it or accept the risk of it going down. That's all part of the process. Certainly, your definitions where accurate, but we're discussing (or I am, anyway) security from an IT standpoint. Otherwise, we need to start adding in things like coffee makers (the availability of which carries the highest priority in my security policy :) ). To wrap things up, Availability is a part of the InfoSec process. You're absolutely correct in that, for some systems, availability is of limited concern. However, decisions like that are also part of the risk management process, which is a subset of a comprehensive security plan. What I'm not saying, or which I did not mean to say, is that the criticality of an unavailable system is always the same. What I also did not mean to argue is that the original posting necessarily fell under the security side of things. It just looked like you were ignoring the availability aspect of security, which is why I thought it'd be good to have this discussion. :) - Mike
Current thread:
- Re: RAID 5 drive replacement schedule, (continued)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 20)
- Re: RAID 5 drive replacement schedule Mike Hale (Jun 20)
- Was Re: RAID 5 drive replacement schedule - Now "Availability" Adriel Desautels (Jun 20)
- Re: Was Re: RAID 5 drive replacement schedule - Now "Availability" Mike Hale (Jun 20)
- RE: Was Re: RAID 5 drive replacement schedule - Now "Availability" Nick Vaernhoej (Jun 23)
- Re: Was Re: RAID 5 drive replacement schedule - Now "Availability" Mike Hale (Jun 23)
- RE: Was Re: RAID 5 drive replacement schedule - Now "Availability" Murda Mcloud (Jun 24)
- Re: Was Re: RAID 5 drive replacement schedule - Now "Availability" Adriel Desautels (Jun 23)
- Re: Was Re: RAID 5 drive replacement schedule - Now "Availability" Mike Hale (Jun 23)
- Re: Was Re: RAID 5 drive replacement schedule - Now "Availability" Adriel Desautels (Jun 23)
- Message not available
- Re: Was Re: RAID 5 drive replacement schedule - Now "Availability" Adriel Desautels (Jun 23)
- RE: Was Re: RAID 5 drive replacement schedule - Now "Availability" Nick Vaernhoej (Jun 23)
- RE: Was Re: RAID 5 drive replacement schedule - Now "Availability" Steve Fox (Jun 26)
- RE: RAID 5 drive replacement schedule Petter Bruland (Jun 20)
- RE: RAID 5 drive replacement schedule Murda Mcloud (Jun 23)
- RE: RAID 5 drive replacement schedule Burton Strauss (Jun 24)
- RE: RAID 5 drive replacement schedule Rivest, Philippe (Jun 20)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 20)
- RE: RAID 5 drive replacement schedule Murda Mcloud (Jun 23)
- Re: RAID 5 drive replacement schedule Adriel Desautels (Jun 24)
- Re: RAID 5 drive replacement schedule Mellow Marquis (Jun 25)