The effect of investing in security depends on the actual level of security achieved in the system. It also depends on the degree of trust from my stakeholders.
Imagine a system with perfect security which - for whatever reason - isn't trusted by those who should depend on it. Their distrust might appear totally irrational to us. That doesn't matter. It's not our call. Our effort is a failure.
Putting all our money into "actual" security and ignoring the need for assurance is a recipe for failure.
(some of) my events
- 2019-04-09--11 Operativ informationssäkerhet (teaching course, Stockholm)
- 2019-03-06--08 Strategisk informationssäkerhet (teaching course, Stockholm)
- 2019-01-29 Certifierad informationssäkerhetsarkitekt, del 1 (co-teaching course, Stockholm)
- 2019-01-10 Certifierad IT-arkitekt (guest lecturing, Stockholm)
- 2018-12-13 Datakommunikation och IT-säkerhet (guest lecturing, Högskolan i Gävle)
2014-12-15
Subscribe to:
Post Comments (Atom)
last chance...
