Monday, April 21, 2008

Protection does not equal prevention

Gunnar Peterson has a brief post up on the two most important rules in information security:

1) Protect your assets
2) See rule 1

I would like to add a rule 0 to that:

0) Do not store what you do not use

I know this runs just about perpendicular to the data warehousing approach that many organizations are taking, but face it: if you don't have it, you don't have to secure it.

Having said this, it is ignorant to assume that protection equals prevention, and any organization should also plan for failure in addition to protecting its essential assets.

PS: I am not accusing Gunnar Peterson of being ignorant :-) Unlike many others, he seems to include prevention in protection.
