Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: the security functinality triangle

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    161

    the security functinality triangle

    what is the the security functinality triangle? i couldn't find nothin of google that would explain this term.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    God:

    The easiest way to imagine the extent of functionality is a triangle with Functionality, Ease of Use and Security at the 3 corners. If there is too much functionality, there will be nominal security and it would be very hard to use for the average person. Alternatively, if it is too easy there will be almost no security or functionality. Finding the optimal point on the triangle is the hardest part of this step and involves taking into account the average computer literacy of the organizations user base.
    Found here from this Google search

    Hope this helps.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    sorry i did not put the & i thought that google put it by default

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Quod

    You may not understand Boolean parameters.......................try putting things in parentheses (inverted commas) like "this"................it will string all words together?

    Cheers

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    what are the sides of the triangle??

    i am currently reading a google tutorial

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Quod

    FINISH reading, then ask...........also learn grammar and spelling:

    FUNCTIONALITY has an "o" in it huh?..............Google is for people who have some intelligence?.............it assumes that you spell the words correctly?

    Just a little advice

    Cheers

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    you don't need the &. Actually, google drops them when you do the search...

    without the & it is the 4th link that I got on google.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Soul: Then why was it the first with my "&"'s?

    The first search I did didn't look as good but it is the one you are talking about. I only scan the first 2 or 3 results to see if they are getting close... My &'s put what I wanted at the top so Google doesn't drop them..... It means I _insist_ that _all_ words are in the result as opposed to the site with the most of _some_ of the words are in the result.... It's a big difference..... Though not really in this case...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Looks like this is turning into a "how to use google" thread, which is a shame, because the original question is a good one.

    The security functionality triangle/triad is an interesting concept, but it has never really caught on at higher levels. the reason for this is that iccomplete, difficult to quantify, and is frequently misapplied.

    Incomplete because it fails to include "time" and or "cost", which I'll touch on in a moment.

    Difficult to quantify... "what makes this easy to use? is it eaiser or harder now?" Though functionality and security are possible to accurately quantify.

    The idea of security/usability/functionality all making up finite, mutually exclusive fails to apply to computer systems. (why it is most frequently applied) Computer security can be absolute the only road block is system cost. It is possible for formally verify every single state a system can ever exist in and ensure each state to be secure, with no regard for functionality/usability, though these things make the system more complex so the cost goes up, typcally way up. In physical environments (like banks for example) this model is more applicable, but still here it lacks the key component "time." If you have F functions that a banker can do and each function takes T time with a level of S security for example... and you desire to make the system more usable you have a few options:

    If you wish to keep T constant and you add more fluff (extra steps is typically how you get greater easy of use) to ease usage: U , F and S must decrease. However you can also keep T constant and decrease either F or S at a rate of inverselt proportional to its counterpart.
    But what if we can work with T? Now lets add more U and keep F the same... if we add more time this is possible and we can even keep S the same, with added checkpoints for the increase in U by adding still more time.

    In short this is a good thorey to know, but I wouldn't base any work on it.

    catch

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    so it is a triangle model that basicaly says that you could sacifice security usability/functionality and increase security for less usability/functionality. and the reason it is not refered to as often is because it lackes the valiable of time.
    catch thank for the info although you lost me on the last 2 paragraph when you talk about banks, and time. could you please explain it in different words, and if i already have it on my first sentance , then thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •