1350 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

  1351 \mode<presentation>{

  1352 \begin{frame}[c]

  1353 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 1\end{tabular}}

  1354 

  1355 {\bf What assets are you trying to protect?}\bigskip

  1356 

  1357 This question might seem basic, but a surprising number of people never ask it. The question involves understanding the scope of the problem. For example, securing an airplane, an airport, commercial aviation, the transportation system, and a nation against terrorism are all different security problems, and require different solutions.

  1358 

  1359 \only<2>{

  1360 \begin{tikzpicture}

  1361 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 

  1362 {\begin{minipage}{10cm}

  1363 \small You like to prevent: ``It would be terrible if this sort of attack ever happens; we need to do everything in our power to prevent it.''

  1364 \end{minipage}};

  1365 \end{tikzpicture}}

  1366 \end{frame}}

  1367 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

  1368 

  1369 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

  1370 \mode<presentation>{

  1371 \begin{frame}[c]

  1372 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 2\end{tabular}}

  1373 

  1374 {\bf What are the risks to these assets?}\bigskip

  1375 

  1376 Here we consider the need for security. Answering it involves understanding what is being defended, what the consequences are if it is successfully attacked, who wants to attack it, how they might attack it, and why.

  1377 

  1378 \end{frame}}

  1379 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

  1380 

  1381 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

  1382 \mode<presentation>{

  1383 \begin{frame}[c]

  1384 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 3\end{tabular}}

  1385 

  1386 {\bf How well does the security solution mitigate those risks?}\bigskip

  1387 

  1388 Another seemingly obvious question, but one that is frequently ignored. If the security solution doesn't solve the problem, it's no good. This is not as simple as looking at the security solution and seeing how well it works. It involves looking at how the security solution interacts with everything around it, evaluating both its operation and its failures.

  1389 

  1390 \end{frame}}

  1391 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

  1392 

  1393 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

  1394 \mode<presentation>{

  1395 \begin{frame}[c]

  1396 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 4\end{tabular}}

  1397 

  1398 {\bf What other risks does the security solution cause?}\bigskip

  1399 

  1400 This question addresses what might be called the problem of unintended consequences. Security solutions have ripple effects, and most cause new security problems. The trick is to understand the new problems and make sure they are smaller than the old ones.

  1401 

  1402 \end{frame}}

  1403 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

  1404 

  1405 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

  1406 \mode<presentation>{

  1407 \begin{frame}[c]

  1408 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 5\end{tabular}}

  1409 

  1410 {\bf What costs and trade-offs does the security solution impose?}\bigskip

  1411 

  1412 Every security system has costs and requires trade-offs. Most security costs money, sometimes substantial amounts; but other trade-offs may be more important, ranging from matters of convenience and comfort to issues involving basic freedoms like privacy. Understanding these trade-offs is essential.

  1413 

  1414 \end{frame}}

  1415 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

  1416 

  1417