sen-material: comparison slides03.tex

equal deleted inserted replaced

-:5d0f7da375da
+:9dc8159c9af7
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}\end{tabular}}
+\begin{minipage}{11cm}
+From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
-Security theater is the practice of investing in countermeasures intended to provide the
+To: cl-security-research@lists.cam.ac.uk\\
-\underline{feeling} of improved security while doing little or nothing to actually achieve it.\hfill{}\textcolor{gray}{Bruce Schneier}
+Subject: Tip off\\
+Date: Tue, 02 Oct 2012 13:12:50 +0100\\
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
-Sender: cl-security-research-bounces@lists.cam.ac.uk
-To: cl-security-research@lists.cam.ac.uk
-Subject: Tip off
-Date: Tue, 02 Oct 2012 13:12:50 +0100
 I received the following tip off, and have removed the sender's
 coordinates. I suspect it is one of many security vendors who
 don't even get the basics right; if you ever go to the RSA
 conference, there are a thousand such firms in the hall, each
-with several eager but ignorant salesmen. A trying experience
+with several eager but ignorant salesmen. A trying experience.\\
 Ross
+\end{minipage}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\begin{minipage}{11cm}
+I'd like to anonymously tip you off about this\\
+product:\\
+{\small http://www.strongauth.com/products/key-appliance.html}\\
+It sounds really clever, doesn't it?\\
+\ldots\\
+Anyway, it occurred to me that you and your colleagues might have a
+field day discovering weaknesses in the appliance and their
+implementation of security.  However, whilst I'd be willing to help
+and/or comment privately, it'd have to be off the record ;-)
+\end{minipage}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 1\end{tabular}}
+{\bf What assets are you trying to protect?}\bigskip
+This question might seem basic, but a surprising number of people never ask it. The question involves understanding the scope of the problem. For example, securing an airplane, an airport, commercial aviation, the transportation system, and a nation against terrorism are all different security problems, and require different solutions.
+\only<1>{
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+{\begin{minipage}{10cm}
+\small You like to prevent: ``It would be terrible if this sort of attack ever happens; we need to do everything in our power to prevent it.''
+\end{minipage}};
+\end{tikzpicture}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 2\end{tabular}}
+{\bf What are the risks to these assets?}\bigskip
+Here we consider the need for security. Answering it involves understanding what is being defended, what the consequences are if it is successfully attacked, who wants to attack it, how they might attack it, and why.
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 3\end{tabular}}
+{\bf How well does the security solution mitigate those risks?}\bigskip
+Another seemingly obvious question, but one that is frequently ignored. If the security solution doesnÕt solve the problem, itÕs no good. This is not as simple as looking at the security solution and seeing how well it works. It involves looking at how the security solution interacts with everything around it, evaluating both its operation and its failures.
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 4\end{tabular}}
+{\bf What other risks does the security solution cause?}\bigskip
+This question addresses what might be called the problem of unintended consequences. Security solutions have ripple effects, and most cause new security problems. The trick is to understand the new problems and make sure they are smaller than the old ones.
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 5\end{tabular}}
+{\bf What costs and trade-offs does the security solution impose?}\bigskip
+Every security system has costs and requires trade-offs. Most security costs money, sometimes substantial amounts; but other trade-offs may be more important, ranging from matters of convenience and comfort to issues involving basic freedoms like privacy. Understanding these trade-offs is essential.
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}
 %%% Local Variables:

changeset 30	9dc8159c9af7
parent 29	5d0f7da375da
child 31	22e6c014086b