Re: [iwar] Difference between IW and RA and Comp Sec etc

From: Fred Cohen (
Date: 2001-04-10 18:20:13

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 10 Apr 2001 18:21:08 -0700 (PDT)
Received: (qmail 16854 invoked by uid 510); 11 Apr 2001 00:21:22 -0000
Received: from ( by with SMTP; 11 Apr 2001 00:21:22 -0000
Received: from [] by with NNFMP; 11 Apr 2001 01:20:16 -0000
Received: (EGP: mail-7_1_1); 11 Apr 2001 01:20:16 -0000
Received: (qmail 75111 invoked from network); 11 Apr 2001 01:20:15 -0000
Received: from unknown ( by with QMQP; 11 Apr 2001 01:20:15 -0000
Received: from unknown (HELO ( by mta1 with SMTP; 11 Apr 2001 01:20:14 -0000
Received: (from fc@localhost) by (8.9.3/8.7.3) id SAA27051 for; Tue, 10 Apr 2001 18:20:13 -0700
Message-Id: <>
In-Reply-To: <> from "Tony Bartoletti" at Apr 10, 2001 04:41:14 PM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Tue, 10 Apr 2001 18:20:13 -0700 (PDT)
Subject: Re: [iwar] Difference between IW and RA and Comp Sec etc
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by Tony Bartoletti:

> At 03:56 PM 4/10/01 -0700, you wrote:

> > > How about "Computer Security involves local/defensive measures taken to
> > > address the safety of your information processing."
> >
> >Wrong words.  Try proteciton - not security.

> Perhaps you are really saying that computer security is the reasonable 
> assurance that your info-systems are "safe", derived from an ensemble of 
> measures that might range from "protections" all the way through the threat 
> of massive physical retaliation.

No.  I am saying that the term 'security' means the feeling of safety.
The word 'protection' means keeping from harm.
They are very different things.

> I am hoping to define "computer security" (InfoSec*) a bit more tightly.

	Information security - feeling safe about information.

> What range of "protections" is limited to "computer" protections?

	Computer protections - all measures that can be used to keep
	computers (not people) from harm.

> What elements of computer security (InfoSec*) lie beyond mere protections?

		Computer Security != InfoSec
because:	Computer != Information

> *NOTE:  I know that "InfoSec" can involve being careful to whom you talk 
> while on foreign travel, etc.  But in the context of "Symbol Warfare", I am 
> using InfoSec in the signal-processing sense.  Is this wrong?

Not 'right' and 'wrong' - only my view and yours.

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: - - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: - Have a great day!!!

------------------------ Yahoo! Groups Sponsor ---------------------~-~>
Do you have 128-bit SSL encryption server security?
Get VeriSign's FREE Guide, "Securing Your
Web Site for Business." Get it now!


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:08 PDT