Saturday, July 30, 2005

Can security be measured in time?

Sometimes the simplest ideas stand the test of time... one can easily remember E = mc²...

What if one could apply a similarly simple principle to security? "Time Based Security" was published by Winn Schwartau back in 1998, but it still stands the test of time today (ISBN 0-672-31341-3). The foundation of Time Based Security (TBS) is a simple equation designed to contrast the importance of Protection, Detection, and Reaction. The equation put forward, P > D + R, provides the key elements of TBS: the time provided by Protection (controls and countermeasures) must be greater than the time required to Detect (realize a breach has taken place) and React (respond effectively to the attack).

The principle is quite simple: no security will ever work if we focus only on protection (the fortress mentality). One must spend much more effort on the detection of and response to attacks. The level of security we can achieve will be highly dependent on that level of agility.
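As an added illustration (not from the original post or from Schwartau's book), the check P > D + R can be run against incident timelines, including the case where an intrusion is never detected. The record fields, control names, and P estimates below are constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records (not real incident data). p_hours is an assumed
# estimate of how long each control withstands an attack: the P in P > D + R.
INCIDENTS = [
    {"control": "vpn-gateway", "p_hours": 72, "start": "2005-07-01 02:00",
     "detected": "2005-07-01 06:30", "contained": "2005-07-01 09:00"},
    {"control": "web-app", "p_hours": 4, "start": "2005-07-03 10:00",
     "detected": "2005-07-03 13:00", "contained": "2005-07-03 16:00"},
    {"control": "file-server", "p_hours": 200, "start": "2005-07-05 08:00",
     "detected": None, "contained": None},
]

def assess(inc):
    """Evaluate P > D + R for one incident; all times are in hours."""
    p = float(inc["p_hours"])
    if inc["detected"] is None or inc["contained"] is None:
        # Never detected or never contained: D + R is unbounded, so no finite
        # amount of protection time can satisfy the inequality.
        return {"control": inc["control"], "P": p, "D": None, "R": None,
                "margin": None, "holds": False}
    start, detected, contained = (
        datetime.strptime(inc[k], FMT) for k in ("start", "detected", "contained"))
    if not start <= detected <= contained:
        raise ValueError(f"timestamps out of order for {inc['control']}")
    d = (detected - start) / timedelta(hours=1)      # time to Detect
    r = (contained - detected) / timedelta(hours=1)  # time to React
    margin = p - (d + r)  # positive: protection outlasts detection + reaction
    return {"control": inc["control"], "P": p, "D": d, "R": r,
            "margin": margin, "holds": margin > 0}

def failing_controls(incidents):
    """Names of controls for which P > D + R does not hold."""
    return [a["control"] for a in map(assess, incidents) if not a["holds"]]

if __name__ == "__main__":
    for a in map(assess, INCIDENTS):
        print(a)
    print("P > D + R fails for:", failing_controls(INCIDENTS))
```

The file-server record has the largest P of the three yet still fails, because without detection D never ends.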



