- Schneier's adversaries:
  - Lone criminals. People who plan and carry out attacks on their
    own, or with small groups.
  - Malicious insiders. People with special access or knowledge
    that enables their attack.
  - (Industrial) espionage. Organized and targeted attacks using
    many resources.
  - The Press. Organizations interested in selling news, selling
    advertising, or furthering other goals (including accountability and
    access to information).
  - Organized crime. "Lone criminals + money + organization"
  - Police. They may use attacks in order to solve crime or
    for other purposes, and usually have the law on their side.
  - Terrorists. Organizations willing to sacrifice themselves
    or others to achieve goals.
  - Intelligence organizations. Might include espionage + police.
  - Infowarriors. Um.... probably one of the above, but with
    some sort of mission.
- Schneier's general security needs:
  - Privacy
  - Multilevel security (e.g., "need to know" plus accountability,
    plus enforceability)
  - Anonymity (is this needed? What do you think? When
    are you anonymous?)
  - Authentication: are you who you say you are? Can we match
    a person or event with corresponding data correctly?
  - Integrity. Are data accurate? Have they been changed?
  - Audit. What's going on? When did it happen? Who did it?
    (Question: what data are audited on the systems you use?)
  - E-currency. Do you use it? (Think hard. Do you?)
  - Proaction (e.g., fraud detection)