Schneier on Security
A blog covering security and security technology.
« FBI-Sponsored Backdoors |
| Security Seals on Voting Machines »
October 7, 2011
Dilbert on Security Standards
So true (the predecessor).
EDITED TO ADD (10/13): XKCD makes the sam point.
Posted on October 7, 2011 at 6:26 AM
• 14 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I've used "dilbert" as my online nym for many many years. Scott Adams is a genius, and he's so absolutely on-target in so many ways that I almost always get a chuckle from his comics. Love Live Dilbert!
Been on some standards committees - even chaired a few. Unfortunately there's more than a little bit if truth in Dogbert's comments.
As with most committees, the majority of people are well meaning and really try to reach a sensible consensus. However, a few stand-outs (individuals as well as national standards associations) have led to some pretty awful dog's breakfasts of standards....
I think it was Professor Tanenbaum who said: "The nice thing about standards is that you have so many to choose from."
Dilbert is frighteningly perceptive at times.
The issues Adams brings out in these is why I really, really like the ISF Standard of Good Practice"; it's driven by members to by a purportedly independent organization without much skin in the game. It's based on practical research. It's compatible with ISO, COBIT, et al; it's updated frequently.
The "Standard of Good Practice" is an unresponsive link/URL.
Check out the security recommendations from the House Cyber Security Task Force:
"We are generally skeptical of direct regulation and of government agencies grading the security of a private company, which is another form of regulation. Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers’ pockets."
That's the first wise thing I've seen the government publish in a while.
I think the rapid adoption of the metric system by the US says plenty about its attitude to global standards. Security is an even lower priority.
I have long been amused by the US attitude to metric. I can't even comprehend how you people cope with arithmetic that involves sixteenths of an inch! How many gallons of water do you need to fill a pool 8'5" by 6'3" by 25'11 3/16"? Seriously?
I know it takes a while to get people used to new standards, but the old ones are so horrible that you'd think people would jump towards simplicity.
@ Ari Maniatis,
"How many gallons of water do you need to fill a pool 8'5" by 6'3" by 25'11 3/16"?"
That depends on your gallon (app 1.6 imperial or 1.3 US gallons to the cubic foot).
As a working rule of thumb in the UK 2 cubic feet is 100 pints or 2000 fluid oz.
So your calculation would be first calculate the pool in cubic feet then multiply by 1000 to get the number of (imperial) fluid oz then divide by the appropriate fluid oz to gallons converter.
Not difficult just laborious. Oh and by the way 12 makes a better divider than 16 which is why most rulers prior to the 20th century were marked in 12ths of an inch not 10ths or 16ths.
Oh and the "practical" way carpenters etc used to cut by fractions was by darwing two parallel lines an inch appart with a cross line at one end they would then measure down from the cross line on one parallel by say three inches across to the second parallel. On this diagonal line of three inches in length they would mark off the one and two inch points these would provide the "cut lines" for dividing the with into 1/3 of an inch.
All of these quite simple skills appear lost on those who have only worked in metric.
@dilbert "I think the rapid adoption of the metric system by the US says plenty about its attitude to global standards."
The U.S. government jumped in with the Mendenhall Order of 1893 -- customary units of weights and measures in the U.S. are defined by metric standards (e.g. an inch is defined as exactly 2.54 centimeters).
The U.S. citizens have not systematically converted to the metric system, but it's not clear what advantage such a conversion would have -- the metric standard is available to anyone who wants to use it, while the customary units have a different set of advantages that people don't want to lose.
The fact that the U.S. government did not attempt to impose the metric system by fiat *does* say a great deal, though.
"Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers’ pockets."
Yes and no. It's the same kind of fallacy as there being no point in eating tonight because by morning we'll be hungry again anyway. And yes, regulations can add to costs, but surely not as much as the trillions spent over the last decade on wars that have gone exactly nowhere. Or perhaps like Wall Street & co. they actually believe in the kind of self-regulation, results of which by now have proven detrimental to 99 percent of the general population.
Short: it's not because something is hard and cumbersome that it shouldn't be done.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.