Sunday, August 29, 2010

Basic Security Truths

A truly outstanding document on security thinking, and the bane of the Smiling Guard, is the superb paper Security Maxims by Roger G. Johnston of the Argonne National Laboratory. It covers one group of concerns I have been talking about in this blog, but is much better written!

A sample:

"We Have Met the Enemy and He is Us Maxim:  The insider threat from careless or complacent employees & contractors exceeds the threat from malicious insiders (though the latter is not negligible.)
    Comment:  This is partially, though not totally, due to the fact that careless or complacent insiders often unintentionally help nefarious outsiders."

"Fair Thee Well Maxim:  Employers who talk a lot about treating employees fairly typically treat employees neither fairly nor (more importantly) well, thus aggravating the insider threat and employee turnover (which is also bad for security)."

"The Inmates are Happy Maxim:  Large organizations and senior managers will go to great lengths to deny employee disgruntlement, see it as an insider threat, or do anything about it.
    Comment:  There are a wide range of well-established tools for mitigating disgruntlement.  Most are quite inexpensive."


"Troublemaker Maxim:  The probability that a security professional has been marginalized by his or her organization is proportional to his/her skill, creativity, knowledge, competence, and eagerness to provide effective security."

RTWT (Read The Whole Thing). It is long but worth it! http://www.ne.anl.gov/capabilities/vat/pdfs/security_maxims.pdf
