The security dilemma revisited.
Written by Division by Zero   
Tuesday, 16 March 2010 09:58

A while ago I wrote about the security dilemma. I think it's time to put this dilemma in a broader perspective. I changed the triangle I've used to reflect this context.

Security triangle in context

The dilemma given in my earlier post still stands, but the new perspective changes things. Security isn't only your problem or the problem of the application you build. Security depends on the position your application has in the complete landscape. Each "building block" in this landscape has its own security risk to handle, as you have. But it's the complete picture that has to be secure enough to lower the risk to the organisation.

Besides, the organisation has its own responsibility towards security. The choice between user friendliness, functionality and security is a business decision in the end (yes... we have to give our advice). The policies of an organisation are abstractions of the truth. They are the way an organisation chooses to see the world and to react to this world. This vision of the world is leading for the structure of our application landscape, which should support the business model and processes. And the application landscape determines the rules and regulations we have to follow and what our position in it is.
The rest of the world is important too. World standards are there to follow. They tell us something. We have to choose whether we adopt these (or some of them) and, if we don't, why we don't. Either choice is good as long as we have our reasons for it. We have to realise that following them is in most cases the better choice.

Does this mean we are surrendered to outside forces? Well... I wish I could say no. But, yes.... we are... partly. But this doesn't mean we should sit back and wait for the world (or in this case, the organisation) to change. We can actively adopt world standards, do whatever we can to make our applications secure enough and try to convince our customer if we need to. By starting discussions about security issues we raise awareness. This is a good starting point; the world doesn't change overnight.

 

Comments  

 
+1 # Valissa 2010-03-25 10:42
What a nice article, I had to think a while about it and the word 'convince' triggered this comment.
Does a customer really want security? 8)

Ok, let's think aloud. :cry: Thinking from the perspective of a customer I ask myself why should I need security, what are the benefits for me?
I can only see disadvantages like costs, time and it's difficult to understand.

Imagine that I'm a bank... what do I really want? Privacy for me and for my customers, always be up and running and so on..

From that view regarded: Is security not a 'thing' of and for IT people? Isn't security 'just' enforcing the desired wants for a customer, like privacy, reliability etc? ;-)
So...in fact I get security for 'free' if I sell the right things? It can not be that easy!

Now I come to the point that I'm with my IT fellows... convincing them is yet another challenge.....


© 2009 - 2012, Division by Zero

This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.