Defense in Depth a.k.a the Castle Approach

Imagine you are back in middle school and your new science homework is The Egg Drop Project. For those of you not familiar with it, here is a brief description: your task is to design a protective structure for an egg. Once you have finished, the egg will be placed in the shuttle you created and dropped from a certain height. The egg must survive the fall without harm! Here is a hint: defense in depth.

How much security is enough?

As a security engineer, I regularly work with developers. Together we draft various ideas and try to find the best possible solution to the problem at hand. During this process, the following question always comes up in some form: how secure should this be? Simple as it may seem, usually a lot of thought goes into answering this. Let’s see why! There are quite a few things in play here: legal and business requirements, the risk of exploitation, cost of mitigation, loss expectancy, business impact, etc.