[ISM3 Users] Tuesday Insight: Environments

Anthony Nelson abnelson at estec.com
Wed Jul 11 20:37:57 CEST 2007 

We have to remember that our underlying goal is business 
functionality.  If we gather too much information we are using too 
much resources in the InfoSec function.  Ideally we want to gather 
the minimum amount of information required for us to make the correct 
decisions.  Any more than that is wasted resources, any less leaves 
us open to making the wrong decision.  Its a really thin line.

A. B. Nelson

At 04:18 PM 7/10/2007, you wrote:
>Adrian,
>
>The difference in POVs is that you want all the conceivable modeling
>data regardless of the model; while I think that collecting too much
>data is time consuming and expensive.
>
>With a good enough model and good enough data you can take informed
>decisions; with a perfect model and perfect data you can take informed
>decisions as well; but the ROI will be worse, or even negative.
>
>My best
>
>Vicente
>
>On 7/10/07, Adrian Wiesmann <awiesmann at somap.org> wrote:
> > Hello
> >
> > > - The real world normally changes faster than you can change your
> > > model of the world. So they tend to stay out of synch.
> >
> > Agree. Although changes should be noted somewhere. New people starting and
> > regulars leaving a company are managed in some database. Installed
> > software should be managed in some software or database. Networks should
> > be protocolled, systems should be documented. So isn't this only a
> > question of getting at the data?
> >
> >
> > > - I will repeat the main message from my original post: A human being
> > > can't be understood as a collection of cells. A company can't be
> > > understood as a collection of information system components.
> >
> > I understood this sentence. I am only not sure if I agree.
> >
> >
> > > > - Everything in a company is an asset (cable, room, file cabinet,
> > > > people).
> > >
> > > I don't agree. Take me for an example. If you see Vicente as a set of
> > > organs and let's say, you remove the lungs...oops Vicente is no more.
> > > But scratch a few cells here and there, and Vicente is still sending
> > > mail...
> >
> > Who decides which cells are vital and which not? And based on what
> > information are you deciding? To stay with your medical examples: Cancer
> > is known to mutate cells. How can we know we don't have cancer if we
> > don't look at every cell?
> >
> >
> > > If you have a Company and remove a switch...hey the Company is still
> > > there. A poor guy had to go get a less important switch and replace
> > > that particular one. Now, you send the Production Environment to the
> > > Mariana's trench...no more Company.
> >
> > Again, who decides that the switch is not vital and based on what facts?
> > Probably there is some weird topology and all the traffic flows through
> > that single switch?
> >
> >
> > > Simple modelling (environments) takes less effort, and the value of
> > > the environment won't change wildly from one month to the next.
> >
> > I completely agree. My point lies in the fact that we base our decisions
> > on incomplete data. As simpler as things get as more we construe the
> > situation of an environment.
> >
> > > Tools are seconday. Good tools + poor ideas = poor results.
> >
> > Good interpretation + poor data = poor results.
> >
> >
> > > IT: Logs show we can squeeze 99,99% uptime from standalone servers.
> > > That's 7 hours dowtime a month.
> > > Management: The business can't afford more than one hour downtime a
> > > month. IT: Ok, we will have to go for redundant systems then.
> >
> > IMHO this is wrong. The management will start to say:
> >
> > "We want not more than 1hr downtime per month"
> >
> > and the IT will then look into the logs and say:
> >
> > "Currently we have 7hrs, so we will need redundant systems"
> >
> >
> > > The big picture is the picture with less, more significant detail, not
> > > the picture with all the detail, including the details not wanted or
> > > needed to take decisions.
> >
> > Agree, wrong word. I meant if we don't need the info about the cable for
> > the complete picture?
> >
> >
> > > Tools are not the solution, better modelling is.
> >
> > I guess this sums our two positions quite well. You say we need
> > abstraction or reduction to cope with the data. I say we need more
> > intelligent systems so that we can cope with the data.
> >
> >
> > > Again, no. A doctor doesn't want to know what goes on with every
> > > single cell of yours. What he wants to know is how are you kidneys,
> > > lungs, etc.
> >
> > No :)
> >
> > Your analogy limps, as we say over here. My approach is not about looking
> > at every single cell. It is about getting all the data from my body.
> > Without interpretation and in full detail with the intent, that I can
> > filter out what I am not wanting to know: Heart rate, blood pressure,
> > components of blood, size of lung, rate of breathing, where in my body all
> > the blood is circulating, stress level, etc. So if I someday want to see
> > what risks I am having, that system could tell me that my veins will
> > soon turn into varices, I just need a simple query and will know the
> > answer, the data is all there.
> >
> > Regards,
> > Adrian
> > _______________________________________________
> > Users mailing list
> > Users at ism3.com
> > http://lists.ism3.com/mailman/listinfo/users
> >
>_______________________________________________
>Users mailing list
>Users at ism3.com
>http://lists.ism3.com/mailman/listinfo/users

More information about the Users mailing list