Steven JW Kennedy

My Blog

Principles of Quantum Security

Posted by Steven Kennedy on April 24, 2008

There is an article in this month’s TechNet magazine called ‘Principles of Quantum Security’, written by Jesper Johansson.

I found this quite an interesting read. It’s targeted at IT Security pros, but it does contain some scientific analogies that are probably more meaningful for readers with a science/engineering background.

You need to read the whole article to get the full impact; however, the key argument of the article is that when we implement some sort of IT Security mitigation, we change the system that we’ve implemented the mitigation against. This means that the mitigation becomes part of the system, and we should be re-evaluating the security posture of the system to see what effect, if anything, the mitigation has had. That is, what’s the ripple effect?

An example Jesper uses is that of IDSes. If you implement IDSes to mitigate a risk, in all likelihood you’re going to have the logs go to a central system. Doing so probably means that some sort of privileged account is used. Therefore you now have additional systems/services that, if they’re compromised, could give access to a privileged account ... etc. Hence the law of unintended consequences.
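The re-evaluation step can be made concrete by modelling the system as a "compromise of A gives access to B" graph and comparing which nodes lead to the privileged account before and after the mitigation is added. This is an added example, not taken from the article or this blog; every node name and edge below is a constructed assumption about a hypothetical IDS deployment.

```python
from collections import deque

def exposure(edges, asset):
    """Return every node whose compromise can lead to `asset`.

    `edges` is a set of (a, b) pairs meaning "compromising a gives access to b".
    """
    reverse = {}
    for src, dst in edges:
        reverse.setdefault(dst, set()).add(src)
    seen, queue = set(), deque([asset])
    while queue:
        node = queue.popleft()
        for prev in reverse.get(node, ()):
            if prev != asset and prev not in seen:
                seen.add(prev)
                queue.append(prev)
    return seen

def ripple(baseline, mitigation, asset):
    """Nodes that lead to `asset` only because the mitigation was added."""
    return exposure(baseline | mitigation, asset) - exposure(baseline, asset)

# Constructed model of the system before the mitigation.
BASELINE = {
    ("helpdesk_pc", "admin_workstation"),
    ("admin_workstation", "privileged_account"),
}

# Constructed model of what the IDS deployment adds (assumptions):
# the central log collector holds the privileged credential, and the
# IDS console and sensors are trusted by the collector.
IDS_MITIGATION = {
    ("log_collector", "privileged_account"),
    ("ids_console", "log_collector"),
    ("ids_sensor", "log_collector"),
}

if __name__ == "__main__":
    before = exposure(BASELINE, "privileged_account")
    added = ripple(BASELINE, IDS_MITIGATION, "privileged_account")
    print("paths to privileged account before:", sorted(before))
    print("new systems to protect after adding IDS:", sorted(added))
```

The set returned by `ripple` is the list of systems that now need the same protection as the privileged account itself, which is the re-evaluation the article argues for.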
