Here http://thecipblog.com/?author=3 I found this quote:
“In order to be designated ‘critical information infrastructure’, how many deaths would the failure of a network have to cause?” asks Matthew Holt, the author of this blog article.
He raises a good point. He asks if “death of people” would be a legitimate category of criteria to use when determining the level of criticality of an ICT system. His answer is "yes", and the number is "one".
Well OK, death is death and irreversible, but there are many other failure modes that are not death and may be too much trouble to reverse. I suppose one example of a "worst case scenario" would be a take-over of your nation by a foreign totalitarian oppressive regime. Or an attempt that leaves you in a war zone or one of the refugee camps that litter the Third World.
But let's not be unreasonable: what about a failure that causes the loss of your company or the collapse of your nation's economy? You're alive, you're out of work, your retirement savings are dust and as soon as your current account runs out the bank will foreclose on your house. But you're alive!
Well, OK, in reality it's not as bad as that. Instead of world-wide economic collapse, the bank was sloppy and simply lost a tape with account details and someone stole your ID - along with about 100,000 others - and sold your house without you knowing, but you still get landed with the mortgage. OK, you can clear it up, given time, but the lawyer costs money and the whole process is stressful. And so is the divorce that it causes. But you're alive!
But really, let's not be pessimistic about this. We all know that Matthew is right, that outside of hospitals, planes, trains and automobiles, computer security - think integrity, think availability - doesn't cause deaths. And we're being assured that 'hands free' interfaces for our cell phones will eliminate deaths due to inattentive drivers, so that just leaves hospitals, planes and trains, and I'm sure those can be avoided.
No, what we really have to worry about is what frightens every manager of any project that involves computers: spam - unsolicited mail. Because as all those managers know, it's the main source of viruses. And viruses *DO* cause deaths. Every manager, even those not in IT, knows about the 1918 pandemic, and the World Health Organization has declared that the H1N1 virus is a pandemic, so heaven help us if the computers catch it.
So perhaps the best thing, they reason, is to disconnect the computers from the network.
Heck, that way it won't matter if the network fails, and its failure won't be able to cause any deaths.
So why do we need these security guys working for us if it's that simple?
Posted by antonaylward
I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity