Information Security magazine

February 2002

Q&A: Cracking the information security paradigm with Ross Anderson

Question: In your book, Security Engineering (John Wiley & Sons, 2001), you wrote that it's quite common for designers to secure the wrong things. How do you think that system designers can develop the ability to know what the right thing is?

Answer: Well, ultimately, it comes down to experience. One of the reasons I wrote the book is to make a lot of case histories available. Unfortunately, security is a business driven by fashions, and at the moment the fashion is for messing around with firewalls, virtual private networks (VPN), worrying about stack smashing attacks ... this "evil hacker on the Internet." But, of course, the real world isn't like that. The fashion has been for different things at different times. Sometimes the evil hacker has been the person who used to justify the security budgets. In the early 1980s, the technology of choice was the dial-back modem. Computer viruses came along, and people forgot about the hacker. He was no longer necessary as a justification for the information security department's ...

Columns in this issue

  • Security startups: Recipe for success

    by Robert Logan

    Stir one part technologist with one part experienced CEO and some VC money and you have the recipe for successful security startups.

  • Secure reads: The CISSP Prep Guide, CISSP Exam Cram

    by SearchSecurity staff

    Although efficient study guides for cramming before the CISSP test, The CISSP Prep Guide and the CISSP Exam Cram won't advance the infosec profession and are likely plagiarized.