Dilbert on Security Standards
So true (the predecessor).
EDITED TO ADD (10/13): XKCD makes the same point.
iglooi • October 7, 2011 7:08 AM
Been on some standards committees – even chaired a few. Unfortunately there’s more than a little bit of truth in Dogbert’s comments.
As with most committees, the majority of people are well meaning and really try to reach a sensible consensus. However, a few stand-outs (individuals as well as national standards associations) have led to some pretty awful dog’s breakfasts of standards….
I think it was Professor Tanenbaum who said: “The nice thing about standards is that you have so many to choose from.”
Michael • October 7, 2011 7:15 AM
Bruce, is that you in the standards meeting?
Jonathan • October 7, 2011 7:34 AM
XKCD made a similar point about standards in general.
Alan • October 7, 2011 8:01 AM
Dilbert is frighteningly perceptive at times.
The issues Adams brings out in these is why I really, really like the ISF “Standard of Good Practice”; it’s driven by members to by a purportedly independent organization without much skin in the game. It’s based on practical research. It’s compatible with ISO, COBIT, et al; it’s updated frequently.
Eve • October 7, 2011 1:09 PM
@Alan
The “Standard of Good Practice” is an unresponsive link/URL.
Meta-irony.
wesleyb • October 7, 2011 1:44 PM
Check out the security recommendations from the House Cyber Security Task Force:
http://thornberry.house.gov/UploadedFiles/CSTF_Final_Recommendations.pdf
“We are generally skeptical of direct regulation and of government agencies grading the security of a private company, which is another form of regulation. Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers’ pockets.”
Bruce • October 7, 2011 5:09 PM
I’ve had this Dilbert pinned up in my office for a number of years:
http://dilbert.com/fast/2007-11-16
Off point for the standards, but fitting for Crypto-Gram…
-wbw
Nick P • October 7, 2011 11:14 PM
@ wesleyb
That’s the first wise thing I’ve seen the government publish in a while.
dilbert • October 8, 2011 12:57 AM
I think the rapid adoption of the metric system by the US says plenty about its attitude to global standards. Security is an even lower priority.
Ari Maniatis • October 8, 2011 3:33 AM
I have long been amused by the US attitude to metric. I can’t even comprehend how you people cope with arithmetic that involves sixteenths of an inch! How many gallons of water do you need to fill a pool 8’5″ by 6’3″ by 25’11 3/16″? Seriously?
I know it takes a while to get people used to new standards, but the old ones are so horrible that you’d think people would jump towards simplicity.
Clive Robinson • October 8, 2011 8:35 AM
@ Ari Maniatis,
“How many gallons of water do you need to fill a pool 8’5″ by 6’3″ by 25’11 3/16″?”
That depends on your gallon (app 1.6 imperial or 1.3 US gallons to the cubic foot).
As a working rule of thumb in the UK 2 cubic feet is 100 pints or 2000 fluid oz.
So your calculation would be first calculate the pool in cubic feet then multiply by 1000 to get the number of (imperial) fluid oz then divide by the appropriate fluid oz to gallons converter.
Not difficult just laborious. Oh and by the way 12 makes a better divider than 16 which is why most rulers prior to the 20th century were marked in 12ths of an inch not 10ths or 16ths.
Oh and the “practical” way carpenters etc used to cut by fractions was by drawing two parallel lines an inch apart with a cross line at one end they would then measure down from the cross line on one parallel by say three inches across to the second parallel. On this diagonal line of three inches in length they would mark off the one and two inch points these would provide the “cut lines” for dividing the width into 1/3 of an inch.
All of these quite simple skills appear lost on those who have only worked in metric.
pfogg • October 8, 2011 6:20 PM
@dilbert “I think the rapid adoption of the metric system by the US says plenty about its attitude to global standards.”
The U.S. government jumped in with the Mendenhall Order of 1893 — customary units of weights and measures in the U.S. are defined by metric standards (e.g. an inch is defined as exactly 2.54 centimeters).
The U.S. citizens have not systematically converted to the metric system, but it’s not clear what advantage such a conversion would have — the metric standard is available to anyone who wants to use it, while the customary units have a different set of advantages that people don’t want to lose.
The fact that the U.S. government did not attempt to impose the metric system by fiat does say a great deal, though.
Dirk Praet • October 9, 2011 11:44 AM
@wesleyb
“Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers’ pockets.”
Yes and no. It’s the same kind of fallacy as there being no point in eating tonight because by morning we’ll be hungry again anyway. And yes, regulations can add to costs, but surely not as much as the trillions spent over the last decade on wars that have gone exactly nowhere. Or perhaps like Wall Street & co. they actually believe in the kind of self-regulation, results of which by now have proven detrimental to 99 percent of the general population.
Short: it’s not because something is hard and cumbersome that it shouldn’t be done.
dilbert • October 7, 2011 7:08 AM
I’ve used “dilbert” as my online nym for many many years. Scott Adams is a genius, and he’s so absolutely on-target in so many ways that I almost always get a chuckle from his comics. Love Live Dilbert!