[SCADASEC] GAO: TVA Power Plants Vulnerable to Cyber Attacks
Marc Tritschler
marctrit at googlemail.com
Wed May 21 13:19:03 CDT 2008
I'm no expert, but I think this is an example of a syllogistic mistake...

Organisations need to ensure that their operations are as secure as
possible.
Compliance with a security standard does not prove that operations are as
secure as possible.
Organisations do not need to be compliant with security standards.

And here is the correct syllogism (I hope)...

Organisations need to ensure that their operations are as secure as
possible.
Compliance with a security standard does not prove that operations are as
secure as possible.
Organisations that are compliant with security standards have not proven
that their operations are as secure as possible.

Marc

2008/5/21 Matthew Franz <mdfranz at gmail.com>:
> Kevin,
>
> Not to be cheeky, but your point?
>
> Are you inferring that if we are in compliance we are not "secure"
> (however you might measure that, test that, etc.) and therefore we
> shouldn't bother with compliance? Is this another variation of the
> whole "standards provide a false sense of security" argument,
> therefore we should sit on our hands or endlessly argue about what it
> means to be "secure." Been there/seen that....
>
> - mdf
>
> On Wed, May 21, 2008 at 12:15 PM, Kevin Lackey <jabberwoq at gmail.com>
> wrote:
> > Being compliant with a standard does not in any way infer secure. It just
> > infers compliance with the standard.
> > Kevin
> >
>