Information Security 101 - the Rules of Thumb

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Jun 28 01:53:29 BST 2009


Brian Gladman wrote:
> ----- Original Message ----- From: "Peter Fairbrother" 
> <zenadsl6186 at zen.co.uk>
> To: "UK Cryptography Policy Discussion Group" 
> <ukcrypto at chiark.greenend.org.uk>
> Sent: Wednesday, June 24, 2009 3:12 PM
> Subject: Re: Information Security 101 - the Rules of Thumb
> 
> 
>> Brian Gladman wrote:
>> [...]:
>>>>
>>>> In these rules an "enemy" is someone who wants to steal some secret
>>>> information an honest system designer doesn't want him to steal, or 
>>>> to prevent authorised access to it, or to mislead a friend about its 
>>>> authenticity.
>>>
>>> This does not cover things like denial of service attacks.
>>
>> I put "prevent authorised access" in to cover DoS, but maybe it's not 
>> clear enough.
> 
> My problem was that all the detail you provided in the last half of 
> the sentence seemed to refer only to the 'secret' mentioned in the first 
> part of the sentence.

My fault. I had originally just written "information", and added 
"secret" without thinking hard enough about it.

"In these rules an "enemy" is someone who wants to access some
information an honest system designer doesn't want him to, or to prevent 
a friend's authorised access to it, or to mislead a friend about its 
authenticity or contents, or do anything the designer wouldn't like."

"

or maybe:


"

Information Security 101 - System Design, the Rules of Thumb


Introduction. In these rules an "enemy" is someone who wants to do 
anything an honest designer wouldn't like. A "friend" is someone the 
designer allows to do some things within the system.

This is solely a naming convention; from another point of view it might 
well seem the other way round.

Rule #0:

All of these rules have exceptions, including this one - but they don't 
apply in your situation.

"


or is that last bit too twee?


-- Peter
