Skip to main content

Taking Security Too Far: Breaking the Business Process

Read the following statement:
apparently the advent of 3D projectors is severely cutting the amount of light that reaches the screen because projectionists are not changing out the 3D lenses for 2D screenings as they should

Would you believe that a poorly planned security process is at fault of our enjoyment of 3D movies?  With more and more thought being given to security, and protecting the intellectual property of the organization, it is possible for those controls to go too far.
Hollywood is making a trade-off here: believing that 3D and digital are the new technologies that will get people back into theaters BUT believing that anything not locked down will be copied and redistributed without payment, the studios et al have opted to secure the projectors. Understandable. But in doing so, they've made it difficult for the people running the projectors to do their jobs properly.

While it is a great idea to make sure that the business is protected, making security too much of a challenge for people to do their jobs results in poor returns for everyone.
Opening the projector alone involves security clearances and Internet passwords, 'and if you don't do it right, the machine will shut down on you.'

when the designers developed the projector's security, they failed to consider who would be using it, their level of technical capabilities, and their own internal risk model ("If I do this complicated and difficult thing and make a mistake the projector will lock up and the screening will have to be canceled and I'll probably get fired.") The upshot is poor design that defeats the purpose.

When you are designing your next security model, give lots of thought to the business and its ultimate goals.  Make sure you are not a hindrance to the bottom line.

Reference: When Threat Models Collide
Labels:

Comments

Post a Comment

Popular posts from this blog

Policies and Controls are King in the IT Security world

I came across an article by Roger Grimes over at Infoworld on how security policies and controls are the real power when it comes to IT security. Roger mentions the SANS 20 Critical Security Controls for Effective Cyber Defence , which are a great read for anyone looking at updating or auditing your policies for completeness. The SANS top 20 controls are a must for any organization: Inventory of Authorized and Unauthorized Devices Inventory of Authorized and Unauthorized Software Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers Secure Configurations for Network Devices such as Firewalls, Routers, and Switches Boundary Defense Maintenance, Monitoring, and Analysis of Security Audit Logs Application Software Security Controlled Use of Administrative Privileges Controlled Access Based on the Need to Know Continuous Vulnerability Assessment and Remediation Account Monitoring and Control Malware Defenses Limitation and Control
Post a Comment
Read more

Error 217 - Error creating product object on Domino 64 bit

I'd like to share something with you.   An error that you'll get if you are trying to use ODBC with Domino 8.5.1 64bit. It starts out with an agent error of Error 217.  The text of the error is "Error creating product object" You can read about it here on the Notes/Domino forum . You can find the solution here as well . I guess I'm now waiting for Domino 8.5.2 for a solution for this.   It would have been nice to have had this in the release notes.  It would have help me greatly.
5 comments
Read more

Reminder: Increase the maximum available memory on your Lotus Notes client JVM today!

Yup, that's right.  Public Service Announcement time. If you haven't increased the maximum memory available to your Lotus Notes JVM yet, what are you waiting for? By default, the Notes JVM only has 256mb of memory available to it.  On a system with 4GB+ of memory, you should be easily able to increase it to 1/4 to 1/3 of the system memory and improve the end user performance. Here's how: Shut down Lotus Notes. In order to make sure that all processes are stopped, run this command:  Start -> Run Type: C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe -kill Open: C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\deploy\ Open the "jvm.properties" file in a text editor like notepad.  You will possibly require Administrator permissions. At the beginning of the file, you will see text surrounded by a lot of pound signs ####. The first ‘property’ after the last # sign is: vmarg.Xmx=-Xmx256m Change 256m to 1024m so that the line reads: vmarg.X
3 comments
Read more