thinking_about_security
Differences
This shows you the differences between two versions of the page.
thinking_about_security [2019/08/03 18:56] – neil | thinking_about_security [2021/07/06 09:26] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Thinking about security===== | =====Thinking about security===== | ||
- | With that out the way, let’s get two things straight from the very beginning — and these will, I hope, set the tone for the recordings that follow.  | + | ====Key points: |
- | ====You are never going to be “perfectly secure”.==== | + | * [[thinking_about_security# |
- | Even if it was possible to protect | + | * [[thinking_about_security# |
+ | * [[thinking_about_security# | ||
+ | * [[thinking_about_security# | ||
+ | Â | ||
+ | ====Be realistic, and think about client experience ====Â | ||
+ | Â | ||
+ | Security is important. So is client experience. | ||
+ | Â | ||
+ | Some security controls are appropriate for highly confidential information, | ||
+ | Â | ||
+ | There comes a point at which providing security makes it more difficult | ||
+ | Â | ||
+ | ====You are never going to be “perfectly secure”==== | ||
+ | Even if it was possible to protect against every possible attack | ||
If anyone insists that you must be perfectly or absolutely secure, they are asking you to do something which is unachievable. | If anyone insists that you must be perfectly or absolutely secure, they are asking you to do something which is unachievable. | ||
- | ====Two. Security | + | What's important |
- | Threats change, and means of protecting against those threats | + | Â |
+ | Â | ||
+ | ====Talk to your clients ====Â | ||
+ | Â | ||
+ | If your clients are themselves experts, consider letting them take the lead. Â | ||
+ | Â | ||
+ | If you act for a tech-aware client, who you know uses encryption for some communications, | ||
+ | Â | ||
+ | Likewise, if they send encrypted attachments, | ||
+ | Â | ||
+ | (You might always want to //offer// encrypted communications, | ||
+ | Â | ||
+ | ====Security is ongoing====Â | ||
+ | Â | ||
+ | Threats change, and the means of protecting against those threats | ||
If you are hoping that you can do something, put a tick in a box, and move on, never to think about it again, you’re going to be disappointed. | If you are hoping that you can do something, put a tick in a box, and move on, never to think about it again, you’re going to be disappointed. | ||
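Review bot: the two new headings "====Be realistic, and think about client experience ====" and "====Talk to your clients ====" have a space before the closing "====", while "====You are never going to be “perfectly secure”====" and "====Security is ongoing====" do not; drop the space so all four section headings are written the same way. In the added paragraph under the "perfectly secure" heading, "Even if it was possible" would read better as "Even if it were possible".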
Line 15: | Line 42: | ||
If you get nothing else from this site, hopefully it will be an encouragement to [[threat_modelling|think about the kind of threats that you and your clients might face]], and the types of mitigations and defences which might be available to you. | If you get nothing else from this site, hopefully it will be an encouragement to [[threat_modelling|think about the kind of threats that you and your clients might face]], and the types of mitigations and defences which might be available to you. | ||
- |
thinking_about_security.1564858591.txt.gz · Last modified: 2021/07/06 09:26 (external edit)