Security Engineering - Security Stance

Security Stance

The two possible default positions on security matters are:

1. Default deny - "Everything, not explicitly permitted, is forbidden"

Improves security at a cost in functionality.
This is a good approach if you have lots of security threats.
See secure computing for a discussion of computer security using this approach.

2. Default permit - "Everything, not explicitly forbidden, is permitted"

Allows greater functionality by sacrificing security.
This is only a good approach in an environment where security threats are non-existent or negligible.
See computer insecurity for an example of the failure of this approach in the real world.

Read more about this topic:  Security Engineering

Famous quotes containing the words security and/or stance:

    Those words freedom and opportunity do not mean a license to climb upwards by pushing other people down. Any paternalistic system that tries to provide for security for everyone from above only calls for an impossible task and a regimentation utterly uncongenial to the spirit of our people.
    Franklin D. Roosevelt (1882–1945)

    For good teaching rests neither in accumulating a shelfful of knowledge nor in developing a repertoire of skills. In the end, good teaching lies in a willingness to attend and care for what happens in our students, ourselves, and the space between us. Good teaching is a certain kind of stance, I think. It is a stance of receptivity, of attunement, of listening.
    Laurent A. Daloz (20th century)