LinuxSecurity.com: Approaches to choosing the strength of your security measures

[ Thanks to LinuxSecurity Contributor
for this link. ]

Ideally, security should be user-independent (security
of the system should not depend upon the decision of an end-user),
user-transparent (does not prevent or hinder any authorized action
of the user), effective! (stop all unauthorized actions of a
legitimate user and all actions of an intruder) and cost-effective
(not cost more than the protected assets). Security measures should
also be flexible to reflect a fast-paced and somewhat chaotic
environment of the modern infosec threat landscape.

To conclude, too much security can be as much of a problem in
some cases as too little. Restrictive and unjustified security
measures especially those not based on a security policy can lower
productivity of human and performance of technology components of a
business. Implementing effective security requires careful design,
and a need analysis and detailed risk analysis should be done
first. Such assessments are then followed up with an implementation
plan, where organizational communication, policy, maintenance
plans, training and deployment are considered (to name a few).”

Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis