Effective Security is all about assessing and mitigating risk - discussed by Bruce Schneier in his session titled "The Three Truths of Computer Security"

It's pure coincidence that many of my posts today discuss Bruce Schneier's content.

I came across an interesting webcast from Bruce Schneier while reading Julien Couvreur's Blog. The webcast is rather old (year 2000), though the vast majority of the content is so applicable today, and I suspect it will be equally true for far too many years to come.

I love the quote "Security is programming Satan's computer".

The abstract for the session as taken directly from the Multi-University Research Laboratory website is as follows:

"Who: Bruce Schneier (Counterpane Internet Security, Inc.)

Where: Microsoft Research

When: 10/16/2000 1:30 PM (Pacific)

Length: 90 minutes

Series: MSR Lectures 2000

Keywords: Computer Security, Risk Management, Threat Avoidance, Safe Business on the Internet

Computer security has been studied for over 40 years, and today's networks are more insecure than ever. In this talk I explain the three truths of computer security that have led to this unfortunate reality--the computer-science model has failed, complex systems are inherently insecure, and the military security model does not apply. Thinking based on "risk management" and not "threat avoidance" is the only way to safely do business on the net, and I explain how."