assets and motives

How do they do it, asks the technician.

Why would they do it, asks the criminologist.

Considering motives is a great way to analyse potential abuse. What are the assets? What could make an adversary attempt to compromise the system?

If you run a bank, one answer is obvious. But people are not driven merely by financial gain. Revenge, power, politics, publicity, and let's not forget curiosity ("because I can"). The list goes on.

Get those assets and motives straightened out before calling the technician.


trusting a system

In the best of worlds, we could all trust each other not to compromise security qualities of information - neither intentionally nor accidentally.

In the real world there is not sufficient trust in this regard. Instead, we need to implement protective measures to uphold sufficient information security. When we cannot trust other parties as much as we like to, we need to establish trust in our protective measures instead.

What does it mean to trust a system? How do we create and maintain such trust?