Presumed Security

Presumed security is a principle in security engineering that a system is safe from attack due to an attacker assuming, on the basis of probability, that it is secure.

Presumed security is the opposite of security through obscurity. A system relying on security through obscurity may have actual security vulnerabilities, but its owners or designers deliberately make the system more complex in the hope that attackers are unable to find a flaw. Conversely, a system relying on presumed security makes no attempt to address its security flaws, which may be publicly known, but instead relies upon potential attackers simply assuming that the target is not worth attacking. The reasons for an attacker to make this assumption may range from personal risk (the attacker believes the system owners can easily identify, capture and prosecute them) to technological knowledge (the attacker believes the system owners have sufficient knowledge of security techniques to ensure no flaws exist, rendering an attack moot).

Although this approach to security is implicitly understood by security professionals, it is rarely discussed or documented. The phrase "presumed security" appears to have been first coined by the security commentary website Zero Flaws. The article uses the Royal Military Academy Sandhurst as an example, focusing on the apparent lack of entry security and contrasting it against the presumed security a military installation will have. The article also details the flaws inherent in a trust seal such as the Verisign Secure Site seal, and explains why this presumed security approach is actually detrimental to an overall security posture.

