This is the personal website of Arsen Shirokov, CISSP, CISA, CCSP (expired), CCIE Security (written, expired), etc.
Resume available upon request.
If there's one general precept of security policy that is universally true, it is that security works best when the entity that is in the best position to mitigate the risk is responsible for that risk.
If a piece of information doesn't have to be correct for the system to work, sooner or later it won't be.
Not exactly a security aphorism, but it often causes failures of security systems, in Bruce Schneier's sense of the term.
The exact wording has been borrowed from Chris Siebenmann's Wandering Thoughts blog.
Security only works if the secure way also happens to be the easy way.
You can also find this postulate on the Microsoft site (posted in 2000 - amazing, as the success of their business has always been based on the "easy way", which, as we all know, was rarely a "secure way").