1 00:00:01,110 --> 00:00:05,310 Now let us try to apply what we know about data security to computer systems security 2 00:00:07,940 --> 00:00:14,270 from the perspective of the user a perfect computer system should be Cheap functional. 3 00:00:14,270 --> 00:00:18,660 That is it should do everything we wanted to do and the most intuitive way. 4 00:00:18,770 --> 00:00:25,770 And at the same time secure users are flooded with reminders that security is important and that they 5 00:00:25,770 --> 00:00:28,000 should not use unsafe software. 6 00:00:29,650 --> 00:00:34,250 Unfortunately such a system does not exist. 7 00:00:34,340 --> 00:00:39,680 Let us drop computer systems for a moment and try to tackle this problem from the perspective of a single 8 00:00:39,680 --> 00:00:40,570 program. 9 00:00:43,010 --> 00:00:49,060 It turns out that you can't develop an application that would be equally cheap functional and secure. 10 00:00:51,860 --> 00:00:57,310 At best you can only have two of them at the same time. 11 00:00:57,450 --> 00:01:01,340 You can create cheap and secure software but it will not be functional. 12 00:01:03,840 --> 00:01:09,660 For example older Unix servers were cheap and secure. 13 00:01:09,820 --> 00:01:15,810 They had few vulnerable areas but basic installation options did not provide enough functionality. 14 00:01:17,770 --> 00:01:24,370 What they did provide was command line interface and some basic services. 15 00:01:24,450 --> 00:01:27,840 By definition fewer vulnerable areas equal more security 16 00:01:30,790 --> 00:01:34,270 Unix distributions are cheap for the end user. 17 00:01:34,480 --> 00:01:38,530 Yet from the same perspective they are also simply not functional enough. 18 00:01:40,950 --> 00:01:45,920 There are firms that specialize in designing solutions which are both secure and functional. 19 00:01:47,580 --> 00:01:52,090 However their products are not cheap. 20 00:01:52,200 --> 00:01:56,140 Thus the price of security is similar to the price of functionality. 21 00:01:58,730 --> 00:02:03,370 To sum up there are no solutions that would be equally secure functional and cheap 22 00:02:06,170 --> 00:02:06,940 at best. 23 00:02:06,980 --> 00:02:12,020 Out of these three you can only choose to. 24 00:02:12,100 --> 00:02:15,670 For years we've preferred low price and functionality over security 25 00:02:18,240 --> 00:02:18,830 recently. 26 00:02:18,830 --> 00:02:22,630 Things have changed however. 27 00:02:22,680 --> 00:02:24,300 Another dilemma arises. 28 00:02:24,420 --> 00:02:31,850 Should we choose security and low price or security and functionality. 29 00:02:31,920 --> 00:02:39,220 For example Windows 98 was the answer to a demand for cheap and functional systems. 30 00:02:39,280 --> 00:02:44,940 It was relatively inexpensive and worked with most popular software. 31 00:02:45,000 --> 00:02:47,870 However it definitely wasn't a secure system. 32 00:02:50,670 --> 00:02:57,220 Nowadays in response to negative feedback from users the Microsoft company pays more attention to the 33 00:02:57,220 --> 00:02:58,930 security of its products. 34 00:03:00,580 --> 00:03:04,980 All the principles we've mentioned applied primarily to data. 35 00:03:05,080 --> 00:03:10,090 They are equally true with regards to computer systems. 36 00:03:10,110 --> 00:03:15,400 It is very difficult to create a system that would be secure functional and cheap at the same time. 37 00:03:17,680 --> 00:03:22,510 You have to decide what your priorities are and look for a compromise. 38 00:03:23,770 --> 00:03:29,930 When you consider security solutions and security policy you have to take into consideration the issue 39 00:03:29,930 --> 00:03:32,580 of risk management and decision making. 40 00:03:34,900 --> 00:03:43,610 For example when you make a business decision you have to consider potential profits and losses in much 41 00:03:43,610 --> 00:03:46,890 the same way security solutions must be cost effective. 42 00:03:49,090 --> 00:03:51,530 Unfortunately this is still hard to achieve. 43 00:03:52,470 --> 00:03:56,240 In consequence security solutions we use are often ineffective.