I was just in a meeting with a very large organization and one of my colleagues asked an interesting question:

Is there a security risk tradeoff that is impossible to make?

In other words, in #infosec we’re called upon to manage risk tradeoffs all the time: against usability, performance, efficiency, affordability, and so on. Is there such a thing in your environment as a tradeoff you simply cannot make? Where do you draw the line?

@wendynather For our org the line would be security design decisions that would remove control from our customers and put it only in our (the vendor's) hands. Even if we manage security for our customers for ease of use, they must be able to "take the wheel" and drive any time they want to.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
