Now that you know what you want to protect and what its value is, and you have spent some time evaluating the cost of security vs. the cost of replacement, you are ready to actually start on a tactic.
Passwords? Security systems?
No.
The first and most fundamental tactic in security is to reduce your potential loss in the case of a successful attack.
Lemme 'splain:
I mentioned the cost of replacement when I talked about planning the costs of security in the last rant.
The absolutely best way to reduce the cost of security is to bring the cost of replacement down to zero.
If you have nothing to protect, you don't need to spend money, time, or other resources protecting anything.
Moreover, you don't care if people walk off with anything, so you basically go into a sharing mode. That reduces the motivation of many attackers, since there is nothing to steal.
Sharing is a good way to turn enemies into friends, which is another good way of reducing the number of potential attackers.
Well, if everything were infinitely reproducible, we could basically get rid of both military warfare and excessive economic competition.
Okay, it's an ideal. But it is a meaningful ideal. If you are having serious security problems, you should re-evaluate your resources, operations, facilities, etc. If there are things you don't need to protect, quit trying to protect them, and security issues disappear like snow in the tropical sun.
And, until you take this step, everything else is a just a bandaid.
No comments:
Post a Comment