About
The Devil's Infosec Dictionary
Security Axioms
Physical Security Maxims
How to Suck at Information Security

PGP

ZERT mirror
About
This is a personal web-site of Arsen Shirokov, CISSP, CISA, CCSP (expired), CCIE Security (written, expired), etc.

LinkedIn: https://www.linkedin.com/e/fps/2796770/

Resume available upon request.

If there's one general precept of security policy that is universally true, it is that
security works best when the entity that is in the best position to mitigate the risk is responsible for that risk.

Bruce Schneier
The best way to solve a security problem is not to have it at all.

Example: The best defense against data loss via loss of portable devices is to not have the data on those devices in the first place.
If a piece of information doesn't have to be correct for the system to work, sooner or later it won't be.

Not exactly a security aphorism but often causes failures of security systems, in Bruce Schneier's sense of the term.
The exact wording has been borrowed from Chris Siebenmann's Wandering Thoughts blog.
Security only works if the secure way also happens to be the easy way.

You can also find this postulate on the Microsoft site (posted in 2000 - amazing, as the success of their business has always been based on the "easy way", which as we all know was rarely a "secure way").