Monday, August 15, 2005

More security equals less security?

Sometimes more security equals less security. There are 3 cases were this simple principle applies:
1- When we forget security must be implemented by people

2- When the right process is not implemented

3- When the technology for security is faulty

Successful implementation of security is first a people issue. Involvement of people requires building their skills, knowledge and weariness to the correct levels required. The usage of more sophisticate and elaborate technology requires at better skills level to minimize the impact human factor. The human factor elements include human error and exposure to social engineering tactics.

successfully implementation of security requires a continuous and disciplined process. Security process is about repeating day after day the same proven steps without deviation. Perfect is the enemy of good enough (Voltaire was right when he said "perfect is the enemy of good enough...”) ... There is no such thing as perfect security, but a security which does not follow the established processes is doomed to failure.
successfullyl implementation of security requires solid and proven security technologies. Lately hackers have moved into taking advantage of flaws in security products. It is important your entire system be secure but also your security technology must itself also be secured. For a long time security companies have taken advantage of security flaws in users computer environments to spread fear and enlarge their sales in the process. With new security flaws being discovered in their products the focus has now been turned on them.

1 Comments:

Blogger Blog Intro said...

You have a great Blog. I would love to link to you. My readers would find your posts very interesting. Just submit it to my site at BlogIntroduction.com

11:20 PM  

Post a Comment

<< Home