Dead simple security checklist


Simple is hard, especially when it comes to managing and mitigating cyber security risks. The context of cyber security problems consists of a mix of:

  • People

  • Complicated hardware and software

  • Continuous changes in all aspects involved

  • Organizations

  • Internal and external threats

Putting a complex cyber security product in such a context is asking for failures. Stupid simple procedures and awareness trainings are often as good as or better than complex and expensive cyber security products to mitigate risks.

A good simple cyber security solution:

  • Does not reinvent the wheel.

  • Is open source (FOSS).

  • Ensures that product and process quality aspects can be inspected.

  • Follows the principles of reproducible builds.

  • Meets one or more open security standards that you can verify.

A simple cyber security product has:

  1. Zero manual configuration challenges

  2. Zero manual maintenance

  3. Minimal dependencies

  4. A single purpose: it is created to do one thing, and only one thing, well!

A good simple cyber security product works without unnecessary additions and modifications in your perimeter.

Attention

“The central enemy of reliability is complexity.”

Simplicity is the primary cyber security principle. All other principles must be sacrificed in favor of design simplicity.

Tip

Zero Complexity by design

A nice reference for avoiding complexity when designing solutions can be found in the 0Complexity design principles manifest.