The Backhoe: A Real Cyberthreat? [ & Re: cyber-redundancy ]
>>Trust is a very nebulous concept.<<
And mistrust is a far less nebulous concept, obviously. It seems to me that you will dispel just about anything I present in this regard. Do you trust banks that hold your escrow funds during home purchasing? How does Iron Mountain gain the trust of its enterprise customers who archive their IP, tapes, software and family jewels with them? The following is very interesting to me:
There is a working group involving several carriers, financial institutions and the government to create something for customers with these types of requirements.
Which standards body are you referring to that has such a working group?

----Sean Donelan <sean@donelan.com>: Sent: Fri Jan 20 19:51:

If CPAs were trusted, why aren't there big six CPA firms anymore? Who was the CPA for ENRON? If you trusted them to audit ENRON's financial books, would you also trust them to audit their route information? Why do you think CPA firms would do a better job at auditing ENRON's routes than they did their financial books? Trust is a very nebulous concept.

Every industry opposes more rules and regulations. Do we really want ordering an ordinary telephone line to require as much paperwork as getting a mortgage?

On the other hand, as you know, when you actually read all that paperwork, tariffs, standards, technical practices, etc., carriers don't promise very much. And they usually deliver on that promise. Banks refuse to promise they will never be robbed, and carriers refuse to promise their circuits will never go down.

There is a working group involving several carriers, financial institutions and the government to create something for customers with these types of requirements. The challenge for everyone is deciding what it actually means, how to implement it, and what it will cost. And even after all that, circuits will still go down.

Frank A. Coluccio
DTI Consulting Inc.
212-587-8150 Office
347-526-6788 Mobile
On Fri, 20 Jan 2006, Frank Coluccio wrote:
Which standards body are you referring to that has such a working group?
I guess forwarding private messages to public lists should be expected. In any case, you can look at the National Security Telecommunications Advisory Committee (NSTAC) which includes members from several industries. <http://www.ncs.gov/nstac/nstac.html>. Together the Alliance for Telecommunication Industry Solutions (ATIS) <http://www.atis.org> and the Federal Reserve System <http://www.federalreserve.gov> created the National Diversity Assurance Initiative.
The financial services industry participates in many organizations such as BITS and the Financial Services Roundtable. A couple of extracts from some slides in a BITS presentation:

----slide---
Since 9/11, the financial services industry and government have learned that the correct working assumptions are:
* Diversity cannot be ordered from two different carriers.
* Diversity must be engineered and has different meanings to different carriers.
------------

----slide---
To comply with regulatory requirements and address today's risks, financial institutions seek telecom providers that offer:
* No single point of failure
* Resilient infrastructure
* Engineered diversity and methods for maintaining engineered diversity over time
-------------

Because there is confusion as to what "diversity" means, I use the term "separacy" to refer to the physical separation between two circuit paths regardless of whether the two paths are in a SONET ring or who owns the paths. People don't just want logical diversity, they want separacy of the two diverse circuits.

--Michael Dillon
Participants (3): Frank Coluccio, Michael.Dillon@btradianz.com, Sean Donelan