No subject


Mon Jul 2 20:10:01 CEST 2007


----- Original Message -----
From: Anup Narayanan [anupnarayanan at gmail.com]
Sent: 07/12/2007 04:41 AM
To: ISM3 Users discussion list <users at ism3.com>
Subject: Re: [ISM3 Users] Tuesday Insight: Environments



Absolutely agree. After following the entire thread, I believe Anthony
has really hit the point.

Anup

Anthony Nelson wrote:
> We have to remember that our underlying goal is business 
> functionality.  If we gather too much information we are using too 
> many resources in the InfoSec function.  Ideally we want to gather 
> the minimum amount of information required for us to make the correct 
> decisions.  Any more than that is wasted resources, any less leaves 
> us open to making the wrong decision.  It's a really thin line.
>
> A. B. Nelson
>
> At 04:18 PM 7/10/2007, you wrote:
>   
>> Adrian,
>>
>> The difference in POVs is that you want all the conceivable modeling
>> data regardless of the model; while I think that collecting too much
>> data is time consuming and expensive.
>>
>> With a good enough model and good enough data you can take informed
>> decisions; with a perfect model and perfect data you can take informed
>> decisions as well; but the ROI will be worse, or even negative.
>>
>> My best
>>
>> Vicente
>>
>> On 7/10/07, Adrian Wiesmann <awiesmann at somap.org> wrote:
>>     
>>> Hello
>>>
>>>       
>>>> - The real world normally changes faster than you can change your
>>>> model of the world. So they tend to stay out of synch.
>>>>         
>>> Agree. Although changes should be noted somewhere. New people starting and
>>> regulars leaving a company are managed in some database. Installed
>>> software should be managed in some software or database. Networks should
>>> be protocolled, systems should be documented. So isn't this only a
>>> question of getting at the data?
>>>
>>>
>>>       
>>>> - I will repeat the main message from my original post: A human being
>>>> can't be understood as a collection of cells. A company can't be
>>>> understood as a collection of information system components.
>>>>         
>>> I understood this sentence. I am only not sure if I agree.
>>>
>>>
>>>       
>>>>> - Everything in a company is an asset (cable, room, file cabinet,
>>>>> people).
>>>>>           
>>>> I don't agree. Take me for an example. If you see Vicente as a set of
>>>> organs and let's say, you remove the lungs...oops Vicente is no more.
>>>> But scratch a few cells here and there, and Vicente is still sending
>>>> mail...
>>>>         
>>> Who decides which cells are vital and which not? And based on what
>>> information are you deciding? To stay with your medical examples: Cancer
>>> is known to mutate cells. How can we know we don't have cancer if we
>>> don't look at every cell?
>>>
>>>
>>>       
>>>> If you have a Company and remove a switch...hey the Company is still
>>>> there. A poor guy had to go get a less important switch and replace
>>>> that particular one. Now, you send the Production Environment to the
>>>> Mariana's trench...no more Company.
>>>>         
>>> Again, who decides that the switch is not vital and based on what facts?
>>> Probably there is some weird topology and all the traffic flows through
>>> that single switch?
>>>
>>>
>>>       
>>>> Simple modelling (environments) takes less effort, and the value of
>>>> the environment won't change wildly from one month to the next.
>>>>         
>>> I completely agree. My point lies in the fact that we base our decisions
>>> on incomplete data. The simpler things get, the more we construe the
>>> situation of an environment.
>>>
>>>       
>>>> Tools are secondary. Good tools + poor ideas = poor results.
>>>>         
>>> Good interpretation + poor data = poor results.
>>>
>>>
>>>       
>>>> IT: Logs show we can squeeze 99,99% uptime from standalone servers.
>>>> That's 7 hours downtime a month.
>>>> Management: The business can't afford more than one hour downtime a
>>>> month. IT: Ok, we will have to go for redundant systems then.
>>>>         
>>> IMHO this is wrong. The management will start to say:
>>>
>>> "We want not more than 1hr downtime per month"
>>>
>>> and the IT will then look into the logs and say:
>>>
>>> "Currently we have 7hrs, so we will need redundant systems"
>>>
>>>
>>>       
>>>> The big picture is the picture with less, more significant detail, not
>>>> the picture with all the detail, including the details not wanted or
>>>> needed to take decisions.
>>>>         
>>> Agree, wrong word. I meant if we don't need the info about the cable for
>>> the complete picture?
>>>
>>>
>>>       
>>>> Tools are not the solution, better modelling is.
>>>>         
>>> I guess this sums our two positions quite well. You say we need
>>> abstraction or reduction to cope with the data. I say we need more
>>> intelligent systems so that we can cope with the data.
>>>
>>>
>>>       
>>>> Again, no. A doctor doesn't want to know what goes on with every
>>>> single cell of yours. What he wants to know is how are your kidneys,
>>>> lungs, etc.
>>>>         
>>> No :)
>>>
>>> Your analogy limps, as we say over here. My approach is not about looking
>>> at every single cell. It is about getting all the data from my body.
>>> Without interpretation and in full detail with the intent, that I can
>>> filter out what I am not wanting to know: Heart rate, blood pressure,
>>> components of blood, size of lung, rate of breathing, where in my body all
>>> the blood is circulating, stress level, etc. So if I someday want to see
>>> what risks I am having, that system could tell me that my veins will
>>> soon turn into varices, I just need a simple query and will know the
>>> answer, the data is all there.
>>>
>>> Regards,
>>> Adrian
>>> _______________________________________________
>>> Users mailing list
>>> Users at ism3.com
>>> http://lists.ism3.com/mailman/listinfo/users