This is a personal web-site of
Arsen Shirokov, CISSP, CISA, CCSP (expired), CCIE Security (written, expired), etc.
LinkedIn:
https://www.linkedin.com/e/fps/2796770/Resume available upon request.
If there's one general precept of security policy that is universally true, it is that
security works best when the entity that is in the best position to mitigate the risk is responsible for that risk.
Bruce Schneier
If a piece of information doesn't have to be correct for the system to work, sooner or later it won't be.
Not exactly a security aphorism but often causes failures of
security systems, in Bruce Schneier's sense of the term.
The exact wording has been borrowed from
Chris Siebenmann's Wandering Thoughts blog.
Security only works if the secure way also happens to be the easy way.
You can also find this postulate
on the Microsoft site (posted in 2000 - amazing, as the success of their business has always been based on the "easy way", which as we all know was rarely a "secure way").