Frequently, there are so many interwoven elements surrounding a given situation that the best security solution becomes obscured. This causes many organizations to make bad security decisions on a regular basis. Effective security decisions must be consistent and based on sound reasoning that balances both the immediate and long-term impacts. A decision made about one security issue should be in line with previous decisions and with those decisions that will be made in the future. Making ad hoc decisions will eventually lead to flawed security practices. Thus, security is best approached as a series of rules based on the fundamental virtues we just discussed. Making security decisions from a standard series of logical, constant, and universal rules is a common practice among good security professionals. Often unaware of it, the best security professionals simply follow a similar series of logical security rules over and over again. Therefore, it is reasonable to conclude that everyone can make good security decisions if they simply learn to follow similar essential rules. The eight essential rules of security are:
|