bloomberg on supermicro: sky is falling

• Previous message (by thread): bloomberg on supermicro: sky is falling
• Next message (by thread): bloomberg on supermicro: sky is falling
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 10, 2018 at 11:25 AM Naslund, Steve <SNaslund at medline.com> wrote:
> You are free to disagree all you want with the default deny-all
> policy but it is a DoD 5200.28-STD requirement and NSA
> Orange Book TCSEC requirement.

And yet I got my DoD system ATOed my way earlier this year by
demonstrating to the security controls assessment team that the cost
of default-deny-all exceeded the risk cost of default-allow with IDS
alerts on unexpected traffic.

Because not spending more on a security implementation than the amount
by which it reduces the risk cost, is a CORE SECURITY PRINCIPLE while
default-deny-all is merely a standard policy.

Regards,
Bill Herrin



-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>

• Previous message (by thread): bloomberg on supermicro: sky is falling
• Next message (by thread): bloomberg on supermicro: sky is falling
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]