thinking_about_security
Differences
This shows you the differences between two versions of the page.
thinking_about_security [2019/08/03 18:56] – created neil | thinking_about_security [2021/07/06 09:26] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Thinking about security===== | =====Thinking about security===== | ||
- | With that out the way, let’s get two things straight from the very beginning — and these will, I hope, set the tone for the recordings that follow.  | + | ====Key points: |
- | ====You are never going to be “perfectly secure”.==== | + | * [[thinking_about_security# |
- | Even if it was possible to protect | + | * [[thinking_about_security# |
+ | * [[thinking_about_security# | ||
+ | * [[thinking_about_security# | ||
+ | Â | ||
+ | ====Be realistic, and think about client experience ====Â | ||
+ | Â | ||
+ | Security is important. So is client experience. | ||
+ | Â | ||
+ | Some security controls are appropriate for highly confidential information, | ||
+ | Â | ||
+ | There comes a point at which providing security makes it more difficult | ||
+ | Â | ||
+ | ====You are never going to be “perfectly secure”==== | ||
+ | Even if it was possible to protect against every possible attack | ||
If anyone insists that you must be perfectly or absolutely secure, they are asking you to do something which is unachievable. | If anyone insists that you must be perfectly or absolutely secure, they are asking you to do something which is unachievable. | ||
- | ====Two. Security | + | What's important |
- | Threats change, and means of protecting against those threats | + | Â |
+ | Â | ||
+ | ====Talk to your clients ====Â | ||
+ | Â | ||
+ | If your clients are themselves experts, consider letting them take the lead. Â | ||
+ | Â | ||
+ | If you act for a tech-aware client, who you know uses encryption for some communications, | ||
+ | Â | ||
+ | Likewise, if they send encrypted attachments, | ||
+ | Â | ||
+ | (You might always want to //offer// encrypted communications, | ||
+ | Â | ||
+ | ====Security is ongoing====Â | ||
+ | Â | ||
+ | Threats change, and the means of protecting against those threats | ||
If you are hoping that you can do something, put a tick in a box, and move on, never to think about it again, you’re going to be disappointed. | If you are hoping that you can do something, put a tick in a box, and move on, never to think about it again, you’re going to be disappointed. | ||
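Review bot: The new section headings are delimited inconsistently: "====Be realistic, and think about client experience ====" and "====Talk to your clients ====" have a space before the closing markers, while "====You are never going to be “perfectly secure”====" and "====Security is ongoing====" do not, so pick one form for all four. The new "Key points" list links to thinking_about_security# anchors, so also confirm that each anchor still matches its heading now that the full stop has been dropped from the "perfectly secure" heading and the "Two." prefix removed from the last one.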
Line 14: | Line 41: | ||
If you can get to a place where you are routinely identifying the threats which you are most likely to face, and taking precautions against them so that you remain “secure enough”, you are probably doing pretty well. | If you can get to a place where you are routinely identifying the threats which you are most likely to face, and taking precautions against them so that you remain “secure enough”, you are probably doing pretty well. | ||
- | If you get nothing else from this site, hopefully it will be an encouragement to think about the kind of threats that you and your clients might face, and the types of mitigations and defences which might be available to you. | + | If you get nothing else from this site, hopefully it will be an encouragement to [[threat_modelling|think about the kind of threats that you and your clients might face]], and the types of mitigations and defences which might be available to you. |
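Review bot: The link added in the final sentence uses a whole clause as its label, [[threat_modelling|think about the kind of threats that you and your clients might face]], which makes the link hard to scan. A shorter label would read better. It is also worth checking that the threat_modelling page exists, since nothing else visible in this revision references it.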
thinking_about_security.1564858565.txt.gz · Last modified: 2021/07/06 09:26 (external edit)