A lecture by Roger Johnston, Ph.D. at Argonne National Labs. He discusses the following myths:
security maxims (there’s no free lunch)
high tech ≠ high security
inventory ≠ security
RFIDs & CMBs
tamper-indicating seals & cargo security
biometrics & access control systems
counterfeiting security devices
“security in depth”
effective vulnerability assessments
Read about the common security maxims:
1. Infinity Maxim: There are an unlimited number
of vulnerabilities, most of which will never be
discovered (by the good guys or bad guys).
2. Arrogance Maxim: The ease of defeating a security
device is inversely proportional to how confident the
designer, manufacturer, or user is about it, and to how
often they use words like “impossible” or “tamper-proof”.
3. High-Tech Maxim: The amount of careful thinking that
has gone into a given security device is inversely
proportional to the amount of high-technology it uses
4. Low-Tech Maxim: Low-tech attacks work
(even against high-tech devices).
5. Yipee Maxim: There are effective, simple, & low-cost
countermeasures to most vulnerabilities.
6. Arg Maxim: But users, manufacturers, and
bureaucrats will be reluctant to implement them.
7. Insider Risk Maxim: Most organizations will ignored
or seriously underestimate the threat from insiders.