iang:
The bit that's missing is the business. Instead of asking "What's your threat model?" as the first question, it should be "What's your business model?" Security asks that last, and only partly, but asking questions like "what are the risks?"
Know your assets. Don't lead with the threats, don't lead with auditors. Lead with assets. Rule number one, protect your assets. Rule number two, see rule number one.
Thanks for the link, but I can't access the Financial Cryptography site.
"financialcryptography.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown."
Posted by: Richard Veryard | January 16, 2009 at 12:21 PM
Hi Richard,
Yes, this is an economic issue. The thing is, the site uses a certificate from CAcert, the community CA (disclosure, I audit them). These certs are free, and the community is a nice bunch of guys, if a little shy and slow with the doco.
The actual message there is wrong. What it should say is that Firefox's list of roots doesn't include this CA, so no "trust recommendation" is available.
If you want to know why Mozilla is not including them, refer to "disclosure" :)
Posted by: Iang | January 16, 2009 at 12:54 PM
Overall, we need a business model that defines the sources of business value. This may include a broad concept of asset, but also broad concepts of capability and viability. Then I absolutely agree with Gunnar and Ian - the security model must be driven by the business model.
http://rvsoapbox.blogspot.com/2009/01/business-model-drives-security.html
Posted by: Richard Veryard | January 17, 2009 at 05:47 AM