Wednesday, December 17

The Value of Security Audit

Bruce Schneir wrote in the Wall St. Journal last week:

Most security against crime comes from audit. Of course we use locks and alarms,but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit.
Wouldn't it be nice if the police got an email alert every time a gun was fired with the name of the person shooting, where it happened, time & date, what they hit, what type of gun, etc.? Schneir was obviously using an analogy to talk about information technology.

And in IT, these types of alerts are actually possible!

Also, earlier in the article, Schneir concisely sums up a related point:
Audit helps ensure that people don't abuse positions of trust.
So, yes – Audit to catch and deter evil doers (to use the term one last time) AND to ensure that system administrators' power is kept in check. And go for the fancy email alerts too.


Peter Jalaff said...

I love Bruce Schneier, I've been a fan since we came to MS and bashed their Windows security back in 2000. He could change his last name though to something easier to spell - like Smith...

Matt Flynn said...

Hey Peter, Welcome to the blog world - I added you to my list. Now go forth and write good things ;) BTW - there's a bunch in my archive on the meta vs virtual debate.