• “So the threat to cryptography is well understood due to work by Peter Shor and others. A symmetric algorithm like AES or others standard crypto processes is cut (of) key-size in half, which is a dramatic reduction. ... For key management purposes, against the RSA and the Diffie-Hellman and stuff, they flat-line under a quantum computer.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), Public Key Cryptography 30th Anniversary Conference, Dec 2006

  • “The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, silo'd implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.”

    The British Government’s Technology Strategy Board, 2008
  • "But conventional security is not enough. The complexity of today's operational environment means organisations must embrace a level of business resilience that is normally associated with the protection of critical national infrastructure."

    Detica, a BAE Systems Company

quote: SecurIST, Perception of risk can vary significantly from actual risk

The privacy, security and dependability requirements of the citizen are, therefore, much broader than the pure protection of personal data and the continued accessibility of critical services. Any transaction that is performed in the Information Society, any process that is established electronically and any service that is offered over ICT must be trustworthy, i.e. dependable and inherently secure. This can also mean that the citizen can justifiably trust (in the sense of ‘depend on’) that certain information flows do not happen - or by design only happen in a way where citizen retains control. In a privatized, decentralized and dispersed communications environment, the number of central control organisations will significantly decrease. 

Nevertheless, citizens should be able to determine whom they are willing to trust (for what purposes, and to what extent), but there can also be a large set of parties involved in services and processes, such that a trust decision might be highly complicated or even impossible for citizens to make.
...
One should not assume that stakeholders do not care about their security merely because they do not understand the consequences of certain actions. The perception of risk can vary significantly from actual risk and, in the short term, convenience may lead some early adopters to make hazardous decisions.

 
