Mayfield's paradox

Mayfield's Paradox states that to keep everyone out of an information system requires an infinite amount of money, and to get everyone onto an information system also requires infinite money, while costs between these extremes are relatively low.[1]

The paradox is depicted as a U-curve, where the cost of a system is on the vertical axis, and the percentage of humanity that can access the system is on the horizontal axis. Acceptance of this paradox by the information security community was immediate, because it was consistent with the professional experiences of this group. Mayfield's Paradox points out that, at some point of the curve, additional security becomes unrealistically expensive. Conversely, at some point of the curve, it becomes unrealistically expensive to add additional users.

Based on the Paradox the Menz brothers developed the "Menz Theorems of Information and Physical Security". The theorems present two formulas covering access and security of both information systems and physical facilities. They are used to help determine allocation of resources and response levels.

Notes

  1. Mayfield; Cvitanic (2000). "Mathematical Proofs of Mayfield's Paradox: A Fundamental Principle of Information Security". Information Systems Control Journal. 2.
gollark: Also, you have to edit the code to load a new program.
gollark: Still, it outputs and inputs characters, so it's totally* compliant*.
gollark: It probably won't pass because of the not-exactly-accurate I/O method.
gollark: Oh no. WHICH test case?
gollark: Er, should you be saying that here? Spoilers.

See also

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.