Comments on: Questions Raised About Information Security http://www.liquidmatrix.org/blog/2007/11/24/questions-raised-about-information-security/ Bringing Fire To The Village: Your Source For Computer, Network & Information Security News from Dave Lewis, Security Blogger Fri, 21 Nov 2008 09:30:18 +0000 http://wordpress.org/?v=2.6.3 By: Dave Lewis http://www.liquidmatrix.org/blog/2007/11/24/questions-raised-about-information-security/#comment-66343 Dave Lewis Tue, 27 Nov 2007 16:14:52 +0000 http://www.liquidmatrix.org/blog/2007/11/24/questions-raised-about-information-security/#comment-66343 @Beach Agreed @Beach

Agreed

]]> By: Beach http://www.liquidmatrix.org/blog/2007/11/24/questions-raised-about-information-security/#comment-66336 Beach Tue, 27 Nov 2007 15:59:09 +0000 http://www.liquidmatrix.org/blog/2007/11/24/questions-raised-about-information-security/#comment-66336 This is ludicrous and a fallacy. Security and usability are not mutually exclusive. Adding security after-the-fact often has a negative impact on usability. I was reading a few days ago (can't find link) about a car analogy for this discussion, how adding security after the fact would be like bolting a lock to the outside of the car door after it was manufactured -- not very practical and impedes the "usability" because now the owner must carry a key and use it every time. Designing and building a usable system and a secure system should be done at the same time and they are not mutually exclusive. The argument that they are is a product of a poor architect and security being added too late in the project. This is ludicrous and a fallacy. Security and usability are not mutually exclusive. Adding security after-the-fact often has a negative impact on usability. I was reading a few days ago (can’t find link) about a car analogy for this discussion, how adding security after the fact would be like bolting a lock to the outside of the car door after it was manufactured — not very practical and impedes the “usability” because now the owner must carry a key and use it every time.

Designing and building a usable system and a secure system should be done at the same time and they are not mutually exclusive. The argument that they are is a product of a poor architect and security being added too late in the project.

]]>