Matt Zimmerman wrote:
> 
> On Sat, Oct 18, 2003 at 11:34:06PM -0400, Daniel B. wrote:
> 
> > Matt Zimmerman wrote:
> > > > Information Security - As defined by ISO-17799, information security is
> > > > characterized as the preservation of:
> > > > [...]
> > > >     * Availability - ensuring that authorized users have access to
> > > >       information and associated assets when required.
> > >
> > > ISO, I'm afraid, does not document either English or Information Technology.
> > > They are free to define terms however they like ....
> >
> > [...]
> > Preventing successful denial-of-service attacks preserves the availability
> > of your information.
> >
> > So how are those definitions invalid?
> 
> I didn't say they were invalid; 

You said that ISO's terms don't "document either English or Information
Technology" and now you say:

   However, they won't necessarily correspond to reality...

How do they not reflect reality?

> where "availability" is not a component of "information security",

Huh?  The reason information security is so tricky is that availability 
is a key part.  If it only involved confidentiality, you could lock data 
up in a vault, or throw it down a black hole (ignore recent physics 
thought on preservation of information), and information security would 
be easy to provide.

However, it is _not_ easy, and one reason is that it requires making 
information available to the right people while keeping it secret and 
protected from the wrong people.


So what is it that you're arguing about?  That computer security in
general is not information security?  If so, so what?  That's why
ISO says "_information_" security instead of just "security."

Daniel
-- 
Daniel Barclay
[EMAIL PROTECTED]

