Quote:
Originally Posted by
bakunin
To appraise your security status simply put yourself into the place of the intruder: will it possibly pay off to overcome your defenses? Act, if the answer is "yes" or near there, otherwise don't bother.
The same is true for security: what you protect and the efforts for protecting it have to be in proportion and the question is not "safe" but "safe enough".
bakunin
I would have to dis-agree with this point of yours. If you make security relative to the sensitivity of information, you are basically saying to someone that wants sensitive information that this system is holding very sensitive information, and this is not, due to your system security change.
If you suddenly upgrade your security systems and i know you use the methodology above, then you have just made users aware that you now have something sensitive that you do not want others to get. On the other hand however, if you ALWAYS have as-secure a system as possible, no matter what is on there, you don't suddenly "change habits" and make it obvious you are trying to hide something, other then everything.