Linux Today: Linux News On Internet Time.

LinuxSecurity.com: Approaches to choosing the strength of your security measures

Jan 29, 2002, 14:08
(Other stories by Anton Chuvakin)

[ Thanks to LinuxSecurity Contributor for this link. ]

"Ideally, security should be user-independent (security of the system should not depend upon the decision of an end-user), user-transparent (does not prevent or hinder any authorized action of the user), effective (stops all unauthorized actions of a legitimate user and all actions of an intruder) and cost-effective (does not cost more than the protected assets). Security measures should also be flexible to reflect the fast-paced and somewhat chaotic environment of the modern infosec threat landscape.

To conclude, too much security can be as much of a problem in some cases as too little. Restrictive and unjustified security measures, especially those not based on a security policy, can lower the productivity of the human and the performance of the technology components of a business. Implementing effective security requires careful design, and a needs analysis and detailed risk analysis should be done first. Such assessments are then followed up with an implementation plan, where organizational communication, policy, maintenance plans, training and deployment are considered (to name a few)."
