-
i guess we also need to define or rank an order for success measurement. which is a more important determination for success:
- keeping hacker's out -vs- a hacker getting in?
- preventing data tampering -vs- tampering with data?
- tracking the culprit -vs- getting away with it?
because, as alluded by many here, we're really dealing with two different time tables.
an attacker will initiate a strike, thus be the first to act. an admin will attempt to detect and protect - a response to the attack. while there are proactive measures that can be deployed, you can't feasibly rely on anything to stop an attacker before he strikes? i think most will agree that the best defense is accountability...who did what and where (and how reliable is the proof of record).
i think that from an overall standpoint it's rediculous to think that an administrators success should be based on keeping people out. it's ideal - but not realistic. however the determinant with the longest lifespan (tracking the attack/getting away with it) is to the definate advantage of the administrators; provided that the proactive accountability measures have been taken.
-
Quote:
Originally posted here by droby10
i think that from an overall standpoint it's rediculous to think that an administrators success should be based on keeping people out. it's ideal - but not realistic. however the determinant with the longest lifespan (tracking the attack/getting away with it) is to the definate advantage of the administrators; provided that the proactive accountability measures have been taken.
Good point. It's true that nowadays we are expecting (well, pushing for) total security (no breaches ever) but it's indeed unrealistic... Just like police, security guards, alarm systems and other security systems in day to day life, are perfect and prevent all "crimes"/intrusions.
It might be a little hard on the ego at first, but I think we should start accepting it..
Ammo
