Dead simple security checklist
Simple is hard, especially when managing and mitigating cyber security risks. The context of cyber security problems consists of a mix of:
Complicated hardware and software
Continuous changes in all aspects involved
Internal and external threats
Putting a complex cyber security product in such a context is asking for failures. Stupid simple procedures and awareness training are often as good as or better than complex and expensive cyber security products at mitigating risks.
A good, simple cyber security solution:
does not reinvent the wheel.
is open source.
has quality that can be inspected
follows the principles of reproducible builds
meets one or more open security standards that you can verify
A simple cyber security product has:
Zero manual configuration challenges
Zero manual maintenance
Minimal dependencies, and
is created to do one thing, and only one thing, well!
A good, simple cyber security product works without unnecessary additions and modifications in your perimeter.
“The central enemy of reliability is complexity.”
Simplicity is the primary cyber security principle. All other principles must be sacrificed in favor of design simplicity.
Zero Complexity by design
A nice reference for avoiding complexity when designing solutions can be found at: https://nocomplexity.com/documents/0complexity/