Security for the Paranoid

Mark Burnett poses an interesting question in his SecurityFocus article Security for the Paranoid:

Is it time to worry when security professionals consider you too paranoid?

I consider myself quite security-aware (or paranoid, as you like), too, but some of Mark Burnett's measures are really quite extreme. For example:

I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them smart cards. [...] I don't just throw out shredded documents; I spread the shredded bits into my garden to use as mulch.

However, I really agree with him on this issue: "There's no need to analyze the threat of every situation. Just practice strong security always and you should be okay". I couldn't have said this any better.


[...] Just practice strong security always and you should be okay.
Okay, this is what I call paranoid. I'm not sure if such a paradigm can be forced at all terms.
The stronger the security, the longer the time you have to invest in this security. At one point it doesn't pay to enhance security. At another point data is so vital that anything other than the strongest security would lead to disastrous consequences. So you always have to evaluate the threat in some way or another. What I want to say is, there can be too strong security, definitely. But it might not be as critical as too weak security, so what the heck - I won't change your habit. :)