It is often stated that "A chain is only as strong as its weakest link." However, this maxim doesn't hold true for Computer Security!
rnDo not despair if there are parts of your organization's computer security practices that defy your best efforts to improve them. You may be able to compensate for weaknesses in one part of your program by beefing-up other parts.
rnFor example, software security is one of the links in the computer security chain. For some computers, this link is weak or almost nonexistent. But realize that the computer users are another link in the computer security chain. By strengthening the computer user link, which we can do by improving user awareness, we can more than compensate for weakness in the software security link. By doing so, we also buy time to develop appropriate software security.
rnSo don't let the assumption that computer security is only as strong as its weakest link deter you from implementing good security, because it ain't necessarily so.
经常有人说:“一条链只有最薄弱的一环才有力。”但是,此原则对计算机安全性并不适用! rn
如果组织的计算机安全性实践中有某些部分无法尽最大努力来改进它们,请不要失望。您可以通过加强程序的其他部分来弥补程序某一部分的弱点。 rn
例如,软件安全性是计算机安全链中的链接之一。对于某些计算机,此链接弱或几乎不存在。但是要意识到,计算机用户是计算机安全链中的另一个链接。通过加强计算机用户链接(我们可以通过提高用户意识来做到),我们不仅可以弥补软件安全性链接中的弱点。这样,我们也有时间开发适当的软件安全性。 rn
因此,不要让计算机安全性仅与其最弱的链接一样强大的假设会阻止您实施良好的安全性,因为它确实不一定是这样。
Department of the Treasury, Bureau of Engraving and Printing, Automated Information Security Staff, Washington, DC;
机译:“败血症-与其说是您不知道的事,不如说是让您惹上麻烦,这是您肯定不会那样做的事。”-马克·吐温道歉。
机译:高效的密钥封装机制,将安全性严格降低到两个安全模型中的标准假设
机译:计算机安全性:计算机系统中不充分的安全性不仅会导致头痛,还会导致诉讼
机译:Uber假设框架内假设之间的安全等级
机译:“如果没有破产,为什么要解决?” ---有关版权和电影融资模式中的个人财产担保权益的法律改革。
机译:科学示范文摘。演示摘要:计算机辅助医疗决策支持系统:DXplain基于计算机的决策支持系统开发中的重要问题
机译:计算机安全协议中的假设,信任和名称
