Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Google's Email Sobriety Test | Main | Desktop Linux Desktop Not Total Replacement for Windows »

Complexity Can Improve Security

Just over a year ago I discussed whether complexity is the enemy of security. I believed complexity is a significant threat to security. Like so many things in life, there is no simple black and white distinction here.

The best evidence for this is Jesper Johansson's Revisiting the 10 Immutable Laws of Security, Part 1. He argues that old rules, like "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore." and " If a bad guy can alter the OS on your computer, it's not your computer anymore" are not necessarily true anymore.

The reason is that as systems get more complex there are more opportunities to block and recover. Think of humans. We're surrounded by bacteria, viruses (the biological kind) and other kinds of pathogens yet we survive quite well. The reason: resiliency born from biological complexity. Our IT systems of course are no where near that level of complexity but the principal is the same.

More on this later today. Johansson is on to something important and the paper is well worth reading.

UPDATE: The follow-up post I mention above is here.

Tags:                  
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on October 8, 2008 8:38 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/886

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net