[mythtv-users] Parental Controls -- Time of Viewing
Joseph Fry
joe at thefrys.com
Thu Feb 12 05:16:21 UTC 2015
On Wed, Feb 11, 2015 at 8:41 PM, Gary Buhrmaster <gary.buhrmaster at gmail.com>
wrote:
> On Thu, Feb 12, 2015 at 12:59 AM, Mark Perkins <perkins1724 at hotmail.com>
> wrote:
> ....
> > Not to draw too long a bow here, but you may be interested to note that
> in risk and hazard control, engineering controls are deemed to be more
> effective than administration (training) controls.
>
> Good engineering controls, sure.
>
> But not to remove the arrows from your quiver, but engineering
> controls that are trivial to circumvent, and have a high
> positive return to circumvent, are often considered some
> of the most useless (and sometimes, dangerous) controls
> to put in place no matter the optics of putting them in
> place (although, if ones goal is a check mark in a box
> of risk mitigation (as all too many of these exercises are),
> rather than actual mitigation, then you get the points).
> Higher fences that one can simply walk 20 meters around
> is not a control. A computer where you have to enter the
> password on the post-it note on the bottom of the keyboard
> is not a control.
>
Your argument is completely baseless due to the fact that all controls fall
within a range of effectiveness. And in most cases the more effective the
control, the higher the cost (not necessarily financial cost). Risk
mitigation is all about balancing the effectiveness of the control and its
acceptance. We all know that passwords are only moderately effective...
which is why many organizations are moving to two factor authentication
schemes.
A choice between a hard solution (engineering control) and a soft solution
(user training) will almost always fall in favor of the engineering
control. However within that spectrum there are a multitude of solutions,
and every potential solution has to be evaluated for potential paths that
they can be circumvented.
There are times when a engineering solution can be bad. For example, when
too much faith is put in in one control, and additional controls and
monitoring are not implemented (as seen in a lot of security breaches in
IT).
If it were me, I would be more concerned with my young kid (assuming this
is a 3-5 year old) being up alone in the morning. There is a lot that
could happen that may go unnoticed until it is too late, so I would use a
motion alarm or baby monitor to ensure that I woke up when he left his room
or the hallway.
I would personally have a TV in my room that he could watch in the mornings
when he can't sleep. Get in some good cuddle time and you get to stay in
bed dozing while he gets his dose of sponge bob. I suspect that he would
love that solution, and therefore additional controls may be unnecessary.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20150212/b0557640/attachment.html>
More information about the mythtv-users
mailing list