Principle: Sometimes less security is more secure

I’m not a security expert by any means, but this is still an important generalization. Schneier has probably explained it in the past.

All of the anti-counterfeiting features of the new Canadian $100 bill are resulting in people not bothering to verify them.

Bruce Schneier
Security Risks of Too Much Security

The domain of this observation ought to be clear to anyone who gives it a moment’s thought. If security resources are scarce (like the attention spans of the employees implementing these procedures), then they must be spent wisely to achieve a positive ROI. If resources aren’t scarce (like overabundant storage or computation horsepower), this principle does not necessarily apply.
