Re: Draft Security Policy

Steven Blair <sblair@synoptics.com> Thu, 18 October 1990 12:58 UTC

Received: from [134.177.32.17] by NRI.NRI.Reston.VA.US id aa03578; 18 Oct 90 8:58 EDT
Received: from excalibur.synoptics.com by mvis1.synoptics.com (5.61/2.1G) id AA03046; Thu, 18 Oct 90 05:56:22 -0700
Received: by excalibur.synoptics.com (4.0/2.0N) id AA29330; Thu, 18 Oct 90 05:56:19 PDT
Message-Id: <9010181256.AA29330@excalibur.synoptics.com>
Date: Thu, 18 Oct 1990 05:56:19 -0700
From: Steven Blair <sblair@synoptics.com>
Quote-Week: Die Yuppie Scum II...the next paycheck..
To: postel@venera.isi.edu, ssphwg@NRI.Reston.VA.US
Subject: Re: Draft Security Policy
Cc: psrg-interest@venera.isi.edu, spwg@NRI.Reston.VA.US
Status: O

I can not understand why this paragraph was even included. It seems
to be totally unrelated to the overall document, and I would be interested
to see if everyone feels it should potentially be deleted:


>>  Security is understood to include protection of the privacy of 
>>  information, protection of information against unauthorized 
>>  modification, protection of systems against denial of service, and 
>>  protection of systems against unauthorized access or use.  ["access" 
>> covers unauthorized database lookup, for example; "use" covers 
>> unauthorized logging in to a system.]

Let's take this one statement at a time:

>> Security is understood to include protection of the privacy of 
>>  information

OK, that's fairly clear, and by the "computer" terminology is redundant
to the mission of the document.

>>protection of information against unauthorized modification

OK, that should be better defined, as to not leave ambiguities
in that statement.

>> protection of systems against denial of service

HUH??

>>  and protection of systems against unauthorized access or use

That's the only realistic statement in the entire paragraph, to me.

Maybe a better wording would be:

Security includes the protection of private materials and their 
unauthorized use, modification, and/or access by unauthorized individuals.
Security also includes the system<->system interactions which could impair,
or deny services to selected systems. 


steve blair sblair@synoptics.com hostmaster@synoptics.com