« Security > 140 Conversation with Gerry Gebel on XACML and ABAC | Main | Cloud Security and the Ability to Integrate »

Comments

Matt Palmer

I do agree that assets are the thing we're trying to ultimately protect. However, I think Gary McGraw's use of the word malicious is entirely appropriate.

It captures the idea that we must continue to function correctly when up against someone *intentionally* trying to subvert you, using all means at their disposal. This is simply a higher bar than guarding against honest mistakes.

gunnar

@Matt - agree that we need to worry about malicious threats and intentional subversion in many cases presents a higher bar.

In addition, there are certain types of damage that can arise from an authenticated, authorized user's misuse.

We can look the Lost Stolen scenarios for mobile as an indicator. MDM is widely used to cope with Lost Stolen threats. But here we see intent - Lost is an accident and Stolen is malice.

Note this is not necessarily at odds with yours since they may be coerced to take actions on behalf a malicious actor

The comments to this entry are closed.