


One thing government tends to be pretty good at is keeping secrets. They have decades of experience building IT systems which prioritize confidentiality, sometimes to the detriment of function.

There are two problems inherent in applying that knowledge. Firstly, outside of government a much greater emphasis is rightly placed on benefits rather than downside risks, and much of government security expertise struggles to really factor in the upsides of risk. Secondly, the decades of experience in domain-based security have resulted in an infrastructure and even a language that is hard to transfer to the flatter, more open business world.

There are things business could learn from government, such as more rigorous approaches to assurance and domain-based architectures, but the transfer of that knowledge from government to business is fraught with misunderstanding and a lack of a common frame of reference.
