Wednesday, April 17, 2002

Required Reading

Bruce Schneier is one of the world's top experts in computer security, and, in particular, cryptography. In his latest newsletter he talks about some general security principles that are very relevant to the post-9/11 security frenzy. The article you want is the first one, "How to Think About Security".

Basically, there are five things we have to look at for any proposed new "security" procedure or doodad:

  1. What problem does it solve?
  2. How well does it solve the problem?
  3. What new problems does it add?
  4. What are the economic and social costs?
  5. Given the above, is it worth the costs?

In Schneier's field of computer security, this little checklist is very common. Unfortunately, our politicians and news people haven't heard of it, to our peril.

Go read it. Now. I'll wait.
