Tuesday, November 23, 2010

Rules

Funny and a good point:
Cyanide & Happiness @ Explosm.net

You cannot fix problems by adding more rules. This is equally true for gun restrictions as it is for quality controls. If you have bad or lazy actors, the rules won't matter. Dhillon and Backhouse suggest in a 2000 paper, "Information System Security Management in the New Millennium," that we need to move beyond traditional rules-based security. Focusing on CIA (confidentiality, integrity, and availability) of data is no longer sufficient. We need to recognize the human component of systems and think in terms of RITE (responsibility, integrity, trust, ethicality).

Responsibility of the individual to take ownership of a domain and work to guarantee a positive future
Integrity of the individual to do the right thing and report inappropriate use
Trust as a two-way relationship as opposed to the traditional command and control hierarchy
Ethicality as behavior based on informal, shared ethical norms

I saw the comic first on Sharp as a Marble.
