Sound Principles
- Measuring risk in $/year (risk = ARO * SLE)
  - ARO: Annual Rate of Occurrence (incidents/year)
  - SLE: Single Loss Expectancy ($/incident)
  - Most security "solutions" are designed to reduce ARO
  - But the 0-day crowd makes sure ARO is never really 0...
- Least Privilege: minimizing the consequences of security incidents
  - Reduce the size of connected components (and do so sensibly)
  - Isolate critical systems and/or accounts
- Defense in Depth: good for spotting single points of failure
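
An added example (not from the original page) that combines risk = ARO * SLE with the connected-components point: ARO stays fixed per asset, and removing one trust link shrinks the SLE. The asset names, dollar values, ARO figures, and the model that one incident costs the whole connected component are assumptions made for illustration.

```python
from collections import defaultdict

def components(nodes, edges):
    """Map each node to the frozenset of nodes reachable over trust edges."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    comp = {}
    for start in nodes:
        if start in comp:
            continue
        seen, stack = {start}, [start]
        while stack:
            for nxt in adj[stack.pop()]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        group = frozenset(seen)
        for n in group:
            comp[n] = group
    return comp

def annual_risk(value, aro, edges):
    """Sum of ARO * SLE over every asset, in $/year.

    Assumed model: an incident on one asset costs the value of every
    asset in the same connected component (that sum is the SLE).
    """
    comp = components(value, edges)
    return sum(aro[n] * sum(value[m] for m in comp[n]) for n in value)

# Constructed sample data: asset value in $ and incidents/year per asset.
# No ARO is 0, matching the page's point about 0-days.
VALUE = {"workstation": 5_000, "web": 20_000, "db": 500_000, "backup": 100_000}
ARO = {"workstation": 0.5, "web": 0.25, "db": 0.0625, "backup": 0.0625}

# Flat network: everything trusts its neighbour, so there is one big component.
FLAT = [("workstation", "web"), ("web", "db"), ("db", "backup")]
# Same assets and same ARO, but the web <-> db trust link is removed.
SEGMENTED = [("workstation", "web"), ("db", "backup")]

if __name__ == "__main__":
    print(f"flat:      ${annual_risk(VALUE, ARO, FLAT):,.0f}/year")
    print(f"segmented: ${annual_risk(VALUE, ARO, SEGMENTED):,.0f}/year")
```
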

This page is by Foofus; send your praise and/or complaints to Foofus at Foofus d0t Net.