{"id":13,"date":"2008-09-26T15:55:47","date_gmt":"2008-09-26T19:55:47","guid":{"rendered":"http:\/\/www.szmidt.org\/blog2\/?p=13"},"modified":"2009-03-19T12:57:23","modified_gmt":"2009-03-19T16:57:23","slug":"physical-security-maxims","status":"publish","type":"post","link":"https:\/\/www.szmidt.org\/blog2\/2008\/09\/26\/physical-security-maxims\/","title":{"rendered":"Physical Security Maxims"},"content":{"rendered":"<p>Security whether physical, computer or any other area, is seldom understood. Arbitrary ideas that saves someone from doing something is usually chosen. It is next to impossible to overstate the amount of ignorance and stupidity demonstrated whenever security is considered. This list brings home the balance of secure vs insecure. Of course security is about balancing security vs useable and practical.<\/p>\n<p>Here&#8217;s excerpts from a list of maxims produced and assembled by Roger G. Johnston, Ph.D., CPP in the Vulnerability Assessment Team at Argonne National Laboratory.<\/p>\n<p>(You can see the whole list at\u00c2\u00a0 <a href='http:\/\/www.schneier.com\/blog\/archives\/2008\/09\/security_maxims.html#comments'>www.schneier.com<\/a>)<\/p>\n<p>Physical Security Maxims<br \/>\nRoger G. Johnston, Ph.D., CPP<\/p>\n<p>Security Maxims<br \/>\nThe following maxims, based on our experience with physical<br \/>\nsecurity, nuclear safeguards, &amp; vulnerability assessments, are<br \/>\nnot absolute laws or theorems, but they will be essentially<br \/>\ncorrect 80-90% of the time.<\/p>\n<p>Infinity Maxim: There are an unlimited number of security<br \/>\nvulnerabilities for a given security device, system, or program,<br \/>\nmost of which will never be discovered (by the good guys or<br \/>\nbad guys).<\/p>\n<p>Arrogance Maxim: The ease of defeating a security device<br \/>\nor system is proportional to how confident\/arrogant the designer,<br \/>\nmanufacturer, or user is about it, and to how often they use<br \/>\nwords like &#8220;impossible&#8221; or &#8220;tamper-proof&#8221;.<\/p>\n<p>Ignorance is Bliss Maxim: The confidence that people have in<br \/>\nsecurity is inversely proportional to how much they know about it.<\/p>\n<p>Be Afraid, Be Very Afraid Maxim: If you&#8217;re not running<br \/>\nscared, you have bad security or a bad security product.<\/p>\n<p>High-Tech Maxim: The amount of careful thinking that has<br \/>\ngone into a given security device, system, or program is<br \/>\ninversely proportional to the amount of high-technology it uses.<\/p>\n<p>Schneier&#8217;s Maxim #1: The more excited people are about a given<br \/>\nsecurity technology, the less they understand (1) that technology<br \/>\nand (2) their own security problems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p> [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[7],"tags":[],"class_list":["post-13","post","type-post","status-publish","format-standard","hentry","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts\/13","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/comments?post=13"}],"version-history":[{"count":3,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts\/13\/revisions"}],"predecessor-version":[{"id":26,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts\/13\/revisions\/26"}],"wp:attachment":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/media?parent=13"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/categories?post=13"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/tags?post=13"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}