Steven JW Kennedy

My Blog

Principles of Quantum Security

Posted by Steven Kennedy on April 24, 2008


There is an article in this month's TechNet magazine called ‘Principles of Quantum Security‘, written by Jesper Johansson.

I found this quite an interesting read. It’s targeted at IT Security pros but it does contain some scientific analogies that are probably more meaningful for readers with a science/engineering background.

You need to read the whole article to get the full impact; however, the key argument of the article is that when we implement some sort of IT security mitigation, we change the system that we’ve implemented the mitigation against. This means that the mitigation becomes part of the system, and we should be re-evaluating the security posture of the system to see what effect, if anything, the mitigation has had. That is, what’s the ripple effect? An example Jesper uses is that of IDSes. If you implement IDSes to mitigate a risk, in all likelihood you’re going to have the logs go to a central system. Doing so probably means that some sort of privileged account is used. Therefore you now have additional systems/services that, if they’re compromised, could give access to a privileged account, and so on. Hence the law of unintended consequences.
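The re-evaluation described above can be made concrete with a small access-graph model that is diffed before and after the mitigation is deployed. This is an added example, not code from this post or from Jesper Johansson's article; the asset names and the edges between them are constructed assumptions.

```python
from collections import deque

def reachable(edges, start):
    """Assets gained after compromising `start`, following
    'compromise of A yields access to B' edges (breadth-first)."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def exposure(edges, target):
    """Assets whose compromise eventually yields access to `target`."""
    nodes = set(edges) | {n for dsts in edges.values() for n in dsts}
    return {n for n in nodes if target in reachable(edges, n)}

def apply_mitigation(edges, added_edges):
    """New graph: the original system plus what the mitigation brings with it."""
    merged = {src: set(dsts) for src, dsts in edges.items()}
    for src, dsts in added_edges.items():
        merged.setdefault(src, set()).update(dsts)
    return merged

def ripple_effect(baseline, mitigation, target):
    """Assets that expose `target` only once the mitigation is deployed."""
    before = exposure(baseline, target)
    after = exposure(apply_mitigation(baseline, mitigation), target)
    return after - before

# Constructed model of the system before the mitigation (hypothetical names).
BASELINE = {
    "admin_workstation": {"priv_account"},
    "priv_account": {"file_server", "db_server"},
}
# The IDS example: logs go to a central collector that uses a privileged
# account. Assumption: a compromised sensor can also reach the collector.
IDS_MITIGATION = {
    "ids_sensor": {"log_collector"},
    "log_collector": {"priv_account"},
}

if __name__ == "__main__":
    new_paths = ripple_effect(BASELINE, IDS_MITIGATION, "priv_account")
    print("New assets exposing priv_account:", sorted(new_paths))
```

Each asset in the result is a system that now needs the same protection as the privileged account itself, which is the re-evaluation step the article argues for.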
