Security is all about tradeoffs. Bruce Schneier has five steps you need to take when making a security-related decision:
- What problem does the security measure solve?
- How well does the security measure solve the problem?
- What other security problems does the measure cause?
- What are the costs of the security measure?
- Given the answers to steps two through four, is the security measure worth the costs?