Security Engineering - Security Stance

Security Stance

The two possible default positions on security matters are:

1. Default deny - "Everything, not explicitly permitted, is forbidden"

Improves security at a cost in functionality.
This is a good approach if you have lots of security threats.
See secure computing for a discussion of computer security using this approach.

2. Default permit - "Everything, not explicitly forbidden, is permitted"

Allows greater functionality by sacrificing security.
This is only a good approach in an environment where security threats are non-existent or negligible.
See computer insecurity for an example of the failure of this approach in the real world.

Read more about this topic:  Security Engineering

Famous quotes containing the words stance and/or security:

    For good teaching rests neither in accumulating a shelfful of knowledge nor in developing a repertoire of skills. In the end, good teaching lies in a willingness to attend and care for what happens in our students, ourselves, and the space between us. Good teaching is a certain kind of stance, I think. It is a stance of receptivity, of attunement, of listening.
    Laurent A. Daloz (20th century)

    There is one safeguard known generally to the wise, which is an advantage and security to all, but especially to democracies as against despots. What is it? Distrust.
    Demosthenes (c. 384–322 B.C.)