
Ask HN: Security Strategy Building Blocks - lixtra
An IT security strategy aims to ensure confidentiality, integrity, and availability of IT systems and information. This has to be traded off against economic and practical realities. What building blocks do you consider for a security strategy?

Examples are

- _Deep defense_. Consider everything hostile. No unencrypted traffic over the network. Spectre attacks matter a lot because you cannot trust other users on the host.

- _Tough on the outside, soft on the inside_ (also M&M security). Try hard to keep bad guys off your intranet but trust your internal users. Spectre attacks don't matter because you trust the other users on the host.
======
lixtra
_Log, monitor and punish_. If data has to be readily available but should only
be used for intended purposes.

I.e. in a hospital medical data has to be immediately available to all medical
staff to react quickly. However, if medical data leaks (i.e. about a celebrity
or in large scale) the bad guy can be caught by looking at the access logs to
the data.
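The "log, monitor and punish" model only works if someone actually reviews the access logs, so here is an added example (not code from the thread or any hospital system) of the kind of audit-log review a defender would run over an EHR access log. The log format, the `ASSIGNMENTS` table of treating relationships, the `WATCHLIST` of records under heightened monitoring, and the bulk-access threshold are all constructed assumptions for illustration. It flags three patterns that the comment's scenario implies: one user pulling many distinct records in a short window (a bulk leak), access to a record by staff with no documented treating relationship (review, since emergencies are legitimate), and any access to a watch-listed record.

```python
"""Audit-log review for a "log, monitor and punish" data-access policy.

Added example, not from the HN thread. The log format, assignment table,
watchlist and thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: ISO timestamp, staff user, patient record id, action.
SAMPLE_LOG = """\
2024-03-01T08:00:00 nurse01 P1001 VIEW
2024-03-01T08:05:00 nurse01 P1002 VIEW
2024-03-01T08:07:00 doc07 P1003 VIEW
2024-03-01T09:00:00 admin3 P1001 VIEW
2024-03-01T09:00:10 admin3 P1002 VIEW
2024-03-01T09:00:20 admin3 P1003 VIEW
2024-03-01T09:00:30 admin3 P1004 VIEW
2024-03-01T09:00:40 admin3 P1005 VIEW
2024-03-01T09:00:50 admin3 P1006 VIEW
2024-03-01T10:30:00 nurse01 P9001 VIEW
"""

# Constructed "treating relationship" table: which staff are assigned to which patients.
ASSIGNMENTS = {
    "nurse01": {"P1001", "P1002"},
    "doc07": {"P1003"},
    "admin3": set(),
}

# Constructed set of records under heightened monitoring (e.g. a public figure).
WATCHLIST = {"P9001"}

BULK_THRESHOLD = 5              # distinct records per user within one window
BULK_WINDOW = timedelta(minutes=10)


def parse_log(text):
    """Parse the whitespace-separated log into (timestamp, user, patient, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, patient, action = line.split()
        events.append((datetime.fromisoformat(ts), user, patient, action))
    return events


def find_bulk_access(events, threshold=BULK_THRESHOLD, window=BULK_WINDOW):
    """Users who touch >= threshold distinct records inside any sliding time window.

    Returns {user: max distinct records seen in one window}.
    """
    by_user = defaultdict(list)
    for ts, user, patient, _ in sorted(events):
        by_user[user].append((ts, patient))
    flagged = {}
    for user, accesses in by_user.items():
        for i, (start, _) in enumerate(accesses):
            records = {p for ts, p in accesses[i:] if ts - start <= window}
            if len(records) >= threshold:
                flagged[user] = max(flagged.get(user, 0), len(records))
    return flagged


def find_unassigned_access(events, assignments=ASSIGNMENTS):
    """Accesses to a patient the user is not assigned to. Needs human review:
    break-the-glass emergency access is legitimate, so this is a lead, not a verdict."""
    return [(user, patient) for _, user, patient, _ in events
            if patient not in assignments.get(user, set())]


def find_watchlist_access(events, watchlist=WATCHLIST):
    """Every access to a watch-listed record, with who and when, for follow-up."""
    return [(ts.isoformat(), user, patient) for ts, user, patient, _ in events
            if patient in watchlist]


def review(text):
    """Run all three checks over a log and return the findings."""
    events = parse_log(text)
    return {
        "bulk": find_bulk_access(events),
        "unassigned": find_unassigned_access(events),
        "watchlist": find_watchlist_access(events),
    }


if __name__ == "__main__":
    for kind, findings in review(SAMPLE_LOG).items():
        print(kind, findings)
```

The point of the design is that none of the checks block access: the data stays immediately available, and the controls live entirely in the audit trail. For that to be enforceable the log itself has to be tamper-evident and written by the system rather than the client, or the "punish" step has nothing reliable to stand on.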

------
lixtra
_Data avoidance_. Data that is not collected does not have to be protected and
is automatically confidential.

