on security policies

While reading “Rule Based Analysis of Computer Security” I stumbled upon the following phrase:

All the desired operations should be allowed, and all the undesired operations should be disallowed

Many times we focus so much on the latter part (disallowed) that we force users to circumvent obstacles in order to share or access information, and to work in ways in which they end up granting more access than is actually required. Then trouble, friction between admins and users, and exceptions emerge.
