When we get into discussions about security, the best tools I’ve found are:
Attack Trees: If someone wants to add a new security feature they have to justify it by pointing at an attack that is not covered by other mitigations.
Cost/Risk analysis: Decide if it worth worrying about state-level actors/professionals criminals/script kiddies.
When we get into discussions about security, the best tools I’ve found are:
Attack Trees: If someone wants to add a new security feature they have to justify it by pointing at an attack that is not covered by other mitigations.
Cost/Risk analysis: Decide if it worth worrying about state-level actors/professionals criminals/script kiddies.