Security is not a binary thing

Balancing, estimation, & trade-offs

As with almost anything in life, security is about balancing risk, estimating outcomes, and making trade-offs. For example:

  • ALLOW vs. DENY

  • vulnerability & exposure vs. resources & opportunity

  • FUD vs. impact × likelihood = risk

  • preventative vs. reactive vs. detective controls

  • paranoia vs. trust

  • people vs. process vs. technology

  • freeform vs. structured

  • secure / hardened vs. usable / accessible

  • unskilled "script kiddie" vs. skilled adversary

  • delivering results now vs. delivering more-secure results later

Success sometimes depends on navigating those trade-offs across the security stack (or whatever view, framework, or reality you prefer to apply). The rest of the time, we may simply have got lucky.

