Strict Standards: Redefining already defined constructor for class wpdb in /home/thornock/public_html/wordpress/wp-includes/wp-db.php on line 52

Deprecated: Assigning the return value of new by reference is deprecated in /home/thornock/public_html/wordpress/wp-includes/cache.php on line 36

Strict Standards: Redefining already defined constructor for class WP_Object_Cache in /home/thornock/public_html/wordpress/wp-includes/cache.php on line 389

Strict Standards: Declaration of Walker_Page::start_lvl() should be compatible with Walker::start_lvl($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_Page::end_lvl() should be compatible with Walker::end_lvl($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_Page::start_el() should be compatible with Walker::start_el($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_Page::end_el() should be compatible with Walker::end_el($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_PageDropdown::start_el() should be compatible with Walker::start_el($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 556

Strict Standards: Declaration of Walker_Category::start_lvl() should be compatible with Walker::start_lvl($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_Category::end_lvl() should be compatible with Walker::end_lvl($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_Category::start_el() should be compatible with Walker::start_el($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_Category::end_el() should be compatible with Walker::end_el($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_CategoryDropdown::start_el() should be compatible with Walker::start_el($output) in /home/thornock/public_html/wordpress/wp-includes/classes.php on line 678

Deprecated: Assigning the return value of new by reference is deprecated in /home/thornock/public_html/wordpress/wp-includes/query.php on line 21

Deprecated: Assigning the return value of new by reference is deprecated in /home/thornock/public_html/wordpress/wp-includes/theme.php on line 508

Strict Standards: Non-static method GoogleSitemapGenerator::Enable() should not be called statically in /home/thornock/public_html/wordpress/wp-content/plugins/sitemap.php on line 2452

Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method UltimateTagWarriorActions::ultimate_query_vars() should not be called statically in /home/thornock/public_html/wordpress/wp-includes/plugin.php on line 57

Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method UltimateTagWarriorActions::ultimate_posts_where() should not be called statically in /home/thornock/public_html/wordpress/wp-includes/plugin.php on line 57

Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method UltimateTagWarriorActions::ultimate_posts_join() should not be called statically in /home/thornock/public_html/wordpress/wp-includes/plugin.php on line 57

Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method UltimateTagWarriorActions::ultimate_tag_templates() should not be called statically in /home/thornock/public_html/wordpress/wp-includes/plugin.php on line 160
Gary Thornock's Weblog » Security as minimization of damage
Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method UltimateTagWarriorActions::ultimate_add_ajax_javascript() should not be called statically in /home/thornock/public_html/wordpress/wp-includes/plugin.php on line 160
6th Dec, 2005

Security as minimization of damage


Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/thornock/public_html/wordpress/wp-includes/formatting.php on line 74

Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method UltimateTagWarriorActions::ultimate_the_content_filter() should not be called statically in /home/thornock/public_html/wordpress/wp-includes/plugin.php on line 57

Kim Cameron wrote this morning about a system security failure at Her Majesty's Revenue and Customs that allowed criminals to submit £30m of fraudulent tax credit claims using stolen identity information.

There's a lesson in this: always assume that a system will be compromised, in spite of good security practices, and design the system to minimize the damage that can occur when the failure happens.

From the article:

[S]ystems must be designed in light of the assumption that they will be breached, in spite of the security reviews. This may in fact not be true, but even knowing this, it is the best assumption one can make.

In fact, I'm starting to think that failure to do this is an act of professional incompetence.

It should be impossible to get a degree in computer science without demonstrating an understanding of this concept: system designs must include not only security and privacy threat analysis and mitigation strategies, but must indicate how breaches are dealt with so as to minimize damages.

If we care about security, privacy is our friend.

,

Comments are closed.

Categories