Shachar, Geoff

"Mechila" if I used circular logic previously

If I may -

One can take a "live free or die" approach - that is ok.

Or one can take a "practical threat" approach that considers asset value,
probability of threats, amount of damage caused by threats that exploit
vulnerabilities and cost of the security countermeasures.

In our business operations:

a) we have sensitive assets - business plans, customers, sales pipeline.
See point d) below

b) the threat probability of one of our operations getting a US court
injunction is so low that I don't even bother with security countermeasures.
OTOH - the threat of DoS/web defacing/site downtime/poor response time is
high enough that we considered and eventually deployed outsourced services
for messaging and hosting.  We use slicehost, rackspace.com and Google
Apps.   Dev servers are inhouse.

c) Yes, Google has vulnerabilities - being able to search your content, being
liable to disclose your content during a lawsuit discovery... In my
estimate, the probability of these vulnerabilities causing us damage is
close to zero.

Our estimate is not "one size fits all" - but since we are not likely to
become embroiled in California lawsuits - I am comfortable with the business
vulnerability analysis I've done.

>>> Apropos - My personal estimate is that the probability of a privacy
breach is higher in the Israeli Ministry of Defense than in GooglePlex.


d) We deploy security countermeasures to protect assets:
0) We don't use Google docs, Never.
1) None of our really sensitive assets are on Google Apps and that includes
Calendar and Mail
2) if we really need to send them to someone - we encrypt or use secure
copy.
3) we physically destroy hard disks (it's fun...)


d
On Tue, Aug 18, 2009 at 2:58 PM, geoffrey mendelson <
geoffreymendel...@gmail.com> wrote:

>
> On Aug 18, 2009, at 2:47 PM, Shachar Shemesh wrote:
>
>>
>> Your claimed price of "zero" disregards certain costs. For example, you do
>> not count the cost in loss of privacy and the cost of having your emails
>> available for parties to summon from Google using the court system without
>> your knowledge. Obviously, these may not be concerns for you, and as such,
>> may not be something you count as cost. That is fine, so long as you do not
>> have the hubris to claim that this applies to everyone.
>>
>
>
> Good point. I just want to point out that since Google is in the State of
> California, not the State of Israel, if your company is not incorporated in
> the US, or registered with the State of California as a "foreign" (out of
> state) corporation it's a court system in which you have no legal standing.
> IAMNAL, but a similar condition exists for the Federal court system too.
>
> Geoff.
> --
> geoffrey mendelson N3OWJ/4X1GM
> Jerusalem Israel geoffreymendel...@gmail.com
>
>
>
>


-- 
Danny Lieberman
-------------------------------------------------------------------------------------------------
Protect your data: http://www.software.co.il
Twitter:  http://twitter.com/onlyjazz
Skype:  dannyl50
Warsaw:+48-79-609-5964
Israel:   +972 8 9701485
Mobile: +972 - 54 447 1114
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
