Paul Madsen looks at mutual funds that start out with a riskier, high-growth portfolio and gradually move to a more conservative approach as retirement nears, and asks:
Why not the same for identity policy, i.e. privacy rules that automatically become more conservative and risk-averse as the user ages?
This maps pretty well to security in the business world. Erstwhile static analysis luminary Brian Chess showed an example of an evolving risk model for a start-up business: as business risk decreases (the company gains market share), the security risk, which starts small, grows as the company gathers assets. In 1999, Google's business risk for company viability was high and its security risk was low; now they are reversed.
When the business reality is dynamic and the security model is static, errors creep in. This situation can also be looked at as a Grigg Point.
I blogged a similar issue a while back that was in a JASON document:
"Several major espionage cases have shown a systemic weakness in the present security system, namely the fact that individuals are most often treated as either “fully trusted” (cleared) or “fully untrusted” (uncleared). That is, trust is treated as a discrete, not a continuous, variable. A major reason for this is that a down-transition between these two states — revoking someone’s clearance — is so drastic an action that line managers, and even security managers, try to avoid it at almost any cost. The Aldrich H. Ames case is a particularly famous, and perhaps egregious, example of this phenomenon.
Not wanting to rock the boat, managers at multiple levels dismissed, or explained away, warning signs that should have accumulated to quite a damning profile. In effect, each “explanation” reset Ames’ risk odometer back to zero.ffect, a continuously variable level of trust. The individual manager, therefore, is never faced with an all-or-nothing decision about whether to seek suspension of an employee’s security access. Instead, the manager has clearly defined, and separable, responsibilities in functional (“getting the job done”) and security (“work securely”) roles."
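As an added illustration (not code from this post or from the JASON document), the toy model below contrasts the two approaches the excerpt describes: a discrete model in which each accepted "explanation" resets the risk odometer to zero, and a continuous one in which explained warning signs are discounted but still accumulate, with older signs decaying over time. The weights, discount factor, half-life and sample events are constructed assumptions, not figures from the document.

```python
from dataclasses import dataclass

@dataclass
class WarningSign:
    """One warning sign on an employee's record (constructed sample data below)."""
    day: int                 # days since the first sign
    weight: float            # severity assigned by the security role
    explained: bool = False  # the line manager "explained it away"

def binary_trust(signs, threshold):
    """Discrete trust: an accepted explanation resets the odometer to zero,
    so only an unbroken run of unexplained signs can ever trigger review."""
    score, history = 0.0, []
    for s in signs:
        score = 0.0 if s.explained else score + s.weight
        history.append(score)
    decision = "review" if max(history, default=0.0) >= threshold else "cleared"
    return decision, history

def continuous_trust(signs, threshold, discount=0.5, half_life_days=365):
    """Continuous trust: an explanation discounts a sign but never erases it;
    older signs decay with a half-life so stale history does not dominate.
    The security role owns the score; the manager never faces a reset-or-revoke choice."""
    score, history, last_day = 0.0, [], None
    for s in signs:
        if last_day is not None:
            score *= 0.5 ** ((s.day - last_day) / half_life_days)
        score += s.weight * (discount if s.explained else 1.0)
        history.append(round(score, 3))
        last_day = s.day
    decision = "review" if max(history, default=0.0) >= threshold else "cleared"
    return decision, history

# Constructed sample: four equally weighted signs a year apart, the middle two explained away.
SAMPLE = [WarningSign(0, 2.0), WarningSign(365, 2.0, True),
          WarningSign(730, 2.0, True), WarningSign(1095, 2.0)]

if __name__ == "__main__":
    print(binary_trust(SAMPLE, threshold=3.0))      # ('cleared', [2.0, 0.0, 0.0, 2.0])
    print(continuous_trust(SAMPLE, threshold=3.0))  # ('review', [2.0, 2.0, 2.0, 3.0])
```

The same four signs never reach the review threshold under the reset model, while the accumulating model flags the profile on the fourth sign.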
As usual, the shades of gray in reality don't map too well to black-and-white models. As John Quarterman shows: risk moves