how to think about security

Security is all about tradeoffs. Bruce Schneier has five steps you need to take when making a security-related decision:

  1. What problem does the security measure solve?
  2. How well does the security measure solve the problem?
  3. What other security problems does the measure cause?
  4. What are the costs of the security measure?
  5. Given the answers to steps two through four, is the security measure worth the costs?

Leave a comment

Your email address will not be published. Required fields are marked *