Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FDE] How important is FIPS 140-2 Level 1 cert?

from [dan] Network Security [Permanent Link]
Subject: Re: [FDE] How important is FIPS 140-2 Level 1 cert?
Date: Wed, 20 Dec 2006 14:55:09 -0500 

"Saqib Ali" writes:
-+-----------------
 | I would like to know how much weight people usually give to the
 | FIPS 140-2 Level 1 certification.
 | 
 | If two products have exactly same feature set, but one is FIPS
 | 140-2 Level 1 certified but cost twice. Would you go for it,
 | considering the Level 1 is the lowest.
 | 

Saqib,

I do not know the answer to your question,
but what you are looking for is known as
the point of indifference -- the differential
at which the consumer is indifferent between
two alternatives.  Two factors play in this:
absolute limits, if any, that prevent this game
from being played ("I won't spend over $100
on anything regardless"), and risk aversion.

Risk aversion is the more interesting one,
and folks with a decision analysis background
will know several ways to assess this.  At the
risk of self-advertisement, see slides 100-115
in geer.tinho.net/measuringsecurity.tutorial.pdf
for a short explanation of what I am talking
about.  (That 4-month-old version of the tutorial
will shortly be replaced with a new rev.  Ask
me more questions, offlist or onlist, if you
want to pursue this.)

--dan
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Linux auditing checklist, documents, jsimmons
Next by Date:  Re: domain slamming(?), Bob Jones
Previous by Thread:  How important is FIPS 140-2 Level 1 cert?, Saqib Ali
Next by Thread:  Benchmarking security posture, ttate
Indexes:  [Date] [Thread] [Top] [All Lists]