HP 600N HP Jetdirect Print Servers - Philosophy of Security - Page 2
reducible to or completely explicable in terms of individuals' behaviour (see emergence). Semantic holism denies the claim that all meaningful statements about large-scale social phenomena (e.g., "The industrial revolution resulted in urbanization") can be translated without residue into statements about the actions, attitudes, relations, and circumstances of individuals.
- Encyclopedia Britannica Online

What we will find out is that anytime security is viewed as something other than a holistic enterprise, mistakes can undermine overall security. In short, when we treat security as a holistic enterprise, we find the following:

• People are the problem
• People are the solution
• Security technology can help people make good decisions about security
• Security technology can help when people do not make good decisions about security
• Decisions made by people can render security technology ineffective

A character in a famous movie said, "Those who build on people build on mud," right before he met his demise. He was wrong because he underestimated the intense loyalty that a person can feel towards another person. Returning to security, we can paraphrase it into a more correct saying: "Those who deploy security technology without regard to people build on mud". Actually, talking about a specific security technology under the umbrella of the label "Security" is a type of mistake. Let's look at what is called a category mistake.

Category Mistake

The philosopher Gilbert Ryle formally introduced the concept of applying a macro term to a micro entity as a type of mistake - specifically, the category mistake. A common example of a category mistake is when a tour of a university is given to a new student. The tour guide takes the new student around the various buildings - the "school of engineering", the library, and so on. After the tour is over, the new student says something to the effect of "that was all very nice, but where is the university?"
The new student has made a category mistake - they assumed the university was a building (micro) rather than a series of buildings under a common goal or theme (macro).

A similar example can be made with automobiles. Let's assume that you are an automobile mechanic and that you have completely taken apart your car in your workshop. You tell your three-year-old son to come look at Daddy's automobile. After viewing the driveline, the engine, the wheels, and all the various parts of the automobile, your son asks: "But Daddy, where is your automobile?" Your son has made a category mistake.

Security analysts and consultants often make the exact same mistake without realizing it. Continuing with our automobile example, instead of labeling the automobile parts by their common names, let's label them SSL/TLS, Web Services, AES, and so on. A security consultant/developer/analyst making a category mistake will often stop at SSL/TLS and claim that they have found security. This behavior is equivalent to holding up a driveline of an automobile and claiming to have found the automobile. Everyone reading should repeat the following to themselves:

• Security is not a cryptographic algorithm
• Security is not a network protocol
• Security is not encryption

These are all category mistakes. Security is a holistic enterprise involving people, processes, technology, and how they all interact. Sometimes that is hard to understand and can also be a bit intimidating. With such a definition, how do you know where to start? For example, if you were the