Security technology alone cannot reassure protection. It requires human judgment:

  1. What is the value of target being protected? Risks to low value asset or low business impact are simply accepted as part of the operating cost. Example is the anti-theft RFiD tags.
  2. How is the controls deployed? Is the control in place properly? Gap in control will leave a loop-hole.
  3. Most importantly, how is the control operated and sustained to maintain its effectiveness? Adding controls does not increase security sometimes but incur unnecessary overheads or activities that overkill the purpose.

A comprehensive assessment from design, build, deploy, regular validation is required through out the life cycle of the deployed cybersecurity protection.

Leave a Reply