On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:
> Matt Zimmerman wrote:
> > > Information Security - As defined by ISO-17799, information security is
> > > characterized as the preservation of:
> > > [...]
> > > * Availability - ensuring that authorized users have access to
> > > information and associated assets when required.
> >
> > ISO, I'm afraid, does not document either English or Information Technology.
> > They are free to define terms however they like ....
> > [...]
> Preventing successful denial-of-service attacks preserves the availability
> of your information.
>
> So how are those definitions invalid?

I didn't say they were invalid; in fact, I defended ISO's right to use whatever definitions they please. However, they won't necessarily correspond to reality, where "availability" is not a component of "information security", except insofar as good security prevents someone from actively attacking your system's availability (i.e., a DoS). This is probably what ISO meant, though I'm not at all interested in purchasing a copy of the relevant standard to find out.

This means that things like a UPS are not "information security" measures, nor are good system administration practices which might serve to improve overall system availability.

--
 - mdz