Fundamental Security Definitions

A few fundamental security definitions are in order at this point:

  • Perfect Security: doesn’t exist, except possibly in Geek mythology, like a flying unixorn.
  • Latest and Greatest Security: the latest hype our favorite security vendors have cranked out for us. You don’t need to understand exactly what it does and doesn’t do because, anyway, you don’t know what assets you actually have or what they are worth, dead or alive.
  • Good-enough Security: this separates the men from the boys, and you really shouldn’t try it at home unless you understand security. It requires you to know what assets you have (at least the top ten of them), how much they are worth and to whom, which risks to those assets your security tools and processes actually address, and how much risk is left over once those tools and processes are in place.
  • WYSIWYG Security: “What You See Is What You Get” security; it is whatever budget is left over for building defenses around your organization’s assets after funds and resources have been allocated to everything else your C-level executives can think of. It is usually considered to be enough for Perfect Security until something bad happens, at which point the CIO and CISO are fired.
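The Good-enough Security definition above is really a four-step homework assignment: list the assets, price them, map which risks each control actually covers, and compute what is left over. The following is an added example (not part of the original post) of that homework as a small residual-risk register. It assumes a toy annualized-loss model, asset value times annual likelihood of loss, in which each control reduces the likelihood of the risks it covers by a stated fraction; the asset names, values, likelihoods and controls are all constructed for illustration.

```python
"""Residual-risk register: a toy model of 'good-enough security'.

Added example, not code from the original post. It assumes a simple
annualized-loss model (asset value x annual likelihood of loss) in which
each control cuts the likelihood of the risks it covers by a stated
fraction. Every asset, value, likelihood and control below is constructed.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    owner: str          # to whom the asset is worth something
    value: float        # cost of a total loss, in currency units
    risks: dict         # risk name -> annual likelihood of that loss (0..1)


@dataclass
class Control:
    name: str
    covers: set         # risk names this control actually addresses
    reduction: float    # fraction by which it cuts covered likelihoods (0..1)
    cost: float         # what the control costs per year


def inherent_risk(asset):
    """Expected annual loss before any control is applied."""
    return sum(asset.value * p for p in asset.risks.values())


def residual_risk(asset, controls):
    """Expected annual loss after the given controls are applied.

    Several controls covering the same risk compound multiplicatively;
    that is an assumption of this toy model, not a law of nature.
    """
    total = 0.0
    for risk, p in asset.risks.items():
        for c in controls:
            if risk in c.covers:
                p *= 1.0 - c.reduction
        total += asset.value * p
    return total


def top_assets(assets, controls, n=10):
    """Rank assets by residual risk, highest first.

    Returns (name, owner, inherent, residual) tuples; the 'top ten' list
    the definition asks for.
    """
    rows = [(a.name, a.owner, inherent_risk(a), residual_risk(a, controls))
            for a in assets]
    return sorted(rows, key=lambda r: r[3], reverse=True)[:n]


def leftover_risk(assets, controls):
    """Total expected annual loss that remains after the controls: the risk you accept."""
    return sum(residual_risk(a, controls) for a in assets)


# Constructed sample register (hypothetical figures).
ASSETS = [
    Asset("customer database", "CFO", 2_000_000,
          {"breach": 0.10, "ransomware": 0.05}),
    Asset("build server", "engineering", 500_000,
          {"ransomware": 0.05, "supply-chain": 0.08}),
    Asset("marketing site", "CMO", 50_000, {"defacement": 0.30}),
]
CONTROLS = [
    Control("offline backups", {"ransomware"}, 0.80, 20_000),
    Control("MFA on admin access", {"breach", "defacement"}, 0.50, 5_000),
]

if __name__ == "__main__":
    for name, owner, inh, res in top_assets(ASSETS, CONTROLS):
        print(f"{name:18s} {owner:12s} inherent {inh:>10,.0f} residual {res:>10,.0f}")
    # Note that the supply-chain risk on the build server is untouched by
    # either control: that is exactly the kind of gap this exercise exposes.
    print(f"risk left over: {leftover_risk(ASSETS, CONTROLS):,.0f} per year")
```

Run it and the build server's supply-chain exposure stands out as a risk no listed control covers; that leftover number, not the vendor brochure, is what the Good-enough Security definition asks you to know.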

Mike Stone

Raanana Israel
