Brian J. Truskowski, General Manager of Internet Security Systems (ISS), gave a keynote presentation at RSA 2009. His talk touched on an interesting topic that he referred to as the "5 Key Factors of Complexity."
He identifies that the key cause of compromise is human nature; the ability that humans are susceptible to social engineering. Instead of focusing on securing systems, Mr. Truskowski argues that we should design systems that are "resistant to human frailty." He goes on to state, that designing these systems (by reducing complexity) is difficult.
According to Mr. Truskowski, the 5 key factors of complexity and the key to designing these systems are:
- Threats
- Compliance
- Technology
- Economics
- Business Needs
"It's like building the titanic. The ship's designers optimized around being able to withstand collisions at the sacrifice of maneuverability. There have been many theories over the years over why the Titanic sank, from Brittle steel to sub-standard rivets. But, in reality, it is obvious why the Titanic sank. It couldn't get out of the way of the iceberg. The Titatic's designers focused on size, strength, resilience, and luxury but not on maneuverability."I think Mr. Truskowski's talk was the hidden gem at RSA. It is an interesting idea for security vendors to begin focusing on things other than threats. Of course, if the idea gets legs, it will be 10-15 years before any change occurs. It is great to see people thinking holistically about security.
The video/webcast can be seen here: (5 Factors of Complexity starts at 19:49)