Slashdot Mirror


Rethinking Security: Securing Activities Instead of Computers

An anonymous reader writes: "Security is not a property of a technical system," says independent security consultant Eleanor Saitta. "Security is the set of activities that reduce the likelihood of a set of adversaries successfully frustrating the goals of a set of users." But software development teams that understand what users want and what adversaries they face are very rare. And security engineers forgot — or misunderstood — what their job is: not securing computers, but securing activities that lead to the realization of greater goals.

1 of 55 comments

  1. After skimming, reading and confusion. by Anonymous Coward · Score: 3, Interesting

    After reading the 'article', I am not sure what is being said or what the point is, for that matter. I don't understand WTF is being said.

    "A threat model is a formal, complete, human-readable model of the human activities and priorities and of the security-relevant features of in-scope portions of a system," Saitta defines. "An engineering tool that will help us define what we are trying to get the system to do."

    Huh? That sounds like a REAL fancy way to say social engineering.

    In my years in this shitty fucking business, there are a lot of BS artists who get away with bullshit because the IT/engineering industry is almost exclusively filled with people who are too afraid of appearing 'stupid' to say he looks naked, and charlatans get away with selling shit. The Emperor may have no clothes, but everyone is too afraid to appear stupid or have some arrogant asshole say, "You don't belong here!" because HE thinks there are clothes.

    Is this article different? I don't know.

    independent security consultant Eleanor Saitta

    Ah 'consultant'.