Interesting bit of a quote
Anne & Lynn Wheeler
lynn at garlic.com
Tue Jul 11 22:18:39 EDT 2006
dan at geer.org wrote:
> You're talking about entirely different stuff, Lynn,
> but you are correct that data fusion at IRS and everywhere
> else is aided and abetted by substantially increased record
> keeping requirements. Remember, Poindexter's TIA thing did
> *not* posit new information sources, just fusing existing
> sources and that alone blew it up politically. As a security
> matter relevant here, we can't protect un-fused data so
> fused data is indeed probably worse.

but this is the security issue dating back to before the 80s ... when
they decided they could no longer guarantee single point of security ...
in part because of insider threats ... they added multiple independent
sources as a countermeasure. the crooks responded with collusion ... so
you started to see countermeasures to collusion appearing in the early 80s.

the advent of the internet, sort of refocused attention to outsider
attacks ... even tho the statistics continue to hold that the major
source of fraud is still insiders ... including thru the whole internet
era. the possibility of outsiders may have helped insiders obfuscate
true source of many insider vulnerabilities.

the issue with auditing to prove no possible vulnerability for a single
point ... leading to the extremes of having to prove a negative ... can
possibly be interpreted within the context of attempting to preserve the
current audit paradigm.

independent operation/sources/entities have been used for a variety of
different purposes. however, my claim has been that auditing has been
used to look for inconsistencies. this has worked better in situations
where there were independent physical books from independent sources
(even in the same corporation).

As IT technology has evolved ... my assertion is a complete set of
(consistent) corporate books can be generated from a single IT
source/operation. The IRS example is having multiple independent sources
of the same information (so that you can have independent sources to
check for inconsistencies).

The fusion scenarios tend to be having multiple independent sources of
at least some different data ... so the aggregation is more than the
individual parts (as opposed to the same data to corroborate).

ref:
http://www.garlic.com/~lynn/aadsm24.htm#35 Interesting bit of a quote
http://www.garlic.com/~lynn/2006h.html#58 Sarbanes-Oxley
http://www.garlic.com/~lynn/2006l.html#1 Sarbanes-Oxley