[lit-ideas] Re: Didn't I tell you so?
- From: Teemu Pyyluoma <teme17@xxxxxxxxx>
- To: lit-ideas@xxxxxxxxxxxxx
- Date: Wed, 31 May 2006 23:18:00 -0700 (PDT)
Thinking about security, I find Bruce Schneier's five
question framework helpful. It is pretty much what we
use in IT Security, in Beyond Fear Schneier applied it
primarily to (government) security policy. I tend to
buy Schneier's core argument that we do know how to
and most of the time do make rational security
decisions, but sometimes fear clouds our judgment. So
here are five question to ask, I'll use the extra lock
I have as an example.
1. What assets are you trying to protect?
A: The property at my apartment (worth about 5000e or
less, I really don't own a lot of stuff), and also the
health of myself and my wife which is impossible for
me to quantify.
2. What are the risks to these assets?
A: Burglary, and related to that being attacked by the
burglar. Also, main lock keys are still same as they
were when I moved in so previous residents could have
keys.
3. How well does the security system mitigate those
risks?
A: A burglar is likely to choose an apartment that
doesn't have an extra lock over one that does. OTOH,
all my neighbors seem to have one. In general an extra
lock slows down the burglar, which is quite useful
given that he has a high likely hood of being spotted
by neighbors.
4. What other risks does the security system cause?
In case someone needs to enter our apartment while we
are away (say a fire or a leaking pipe) it will stop
them from entering as we have the only keys.
5. What costs and trade-offs does the security
solution impose?
No direct costs as it was installed when I moved in,
all though I had to redo the keys when one of them
broke (~40e). I get a small discount on home insurance
(~20e a year). On the other hand, if I forget to use
the extra lock and someone breaks in, the insurance
company may not be liable. It does make my wife feel
safer for some reason.
Apartment burglary is very low risk here. But wife
feeling safer makes it worthwhile for me.
It is very hard to do the exercise in abstract, not
only are particulars different but the trade-off
evaluation is highly subjective. Still, if one were to
do the walk or drive thing, it really depends on what
are you trying to protect:
1. What assets are you trying to protect?
Personal health.
2. What are the risks to these assets?
Injury or death due to an attack while walking in a
bad neighborhood.
3. How well does the security system mitigate those
risks?
Car is a harder target than a walker for an attacker.
Also attack on vehicle would require higher degree of
planning, meaning it is less likely to be carried out
by someone having a sudden burst of aggression.
4. What other risks does the security system cause?
- The value of a target for an attacker interested in
financial gain is higher by probably a factor of one
hundred (assuming car has resale value of about $5000
and people typically carry about $50 in cash.)
- Risk of a traffic accident is very high compared to
risk of violent attack in general.
5. What costs and trade-offs does the security
solution impose?
Car costs money and gives freedom of movement, and is
generally speaking a faster way to get around.
Exercise due to walking has considerable health
benefits which in general by far out weight the health
risk of violent attack.
So it has to be a very bad neighborhood in order for a
car to make sense as security solution. But if we
change what we are trying to protect to sense of
security the answer may very well be different.
Cheers,
Teemu
Helsinki, Finland
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------------------------------------------
To change your Lit-Ideas settings (subscribe/unsub, vacation on/off,
digest on/off), visit www.andreas.com/faq-lit-ideas.html
Other related posts:
