Scope difference between traditional and IT engineering

 

Regular engineering

  • Hold up to storms, heat, wear, and tear
  • Normal presumptions
    • “Acts of God”
    • Carelessness of man
    • “Murphy’s Law”
  • Test for errors and mischance
  • ... and other fairly predictable factors

Safety engineering 

  • All of the above plus…
  • Random, accidental and transient faults

IT / Security engineering

  • All of the above plus… 
  • Ordinary people who put convenience first
  • Malicious intent and behavior
  • By intelligent, clever, devious, unpredictable and cheating opponents
Oval diagram with 3 levels, smallest is Regular Engineering, middle is Safety engineering which encompasses Regular Engineering. Largest oval is Security Engineering which encompasses both Safety and Regular Engineering.

 

IT / security systems have to be based on the principal that they will be attacked and compromised

General Security

“An ounce of prevention is a pound of cure”

Bug fixes, earlier is better (and cheaper)

 

Internet Security

“An ounce of prevention is a ton of cure”

Internet systems will be attacked and compromised

 

More important to… 

Estimate effort required to break it and...

...determine how it breaks

 

Proving a “negative” is impossible

Need to build trust through time, analysis and reputation

Let us help you change your mindset and address cybersecurity

Cybersecurity