Principles for managing system security that were stated by
Robert H. Courtney, Jr.
Tutorial: Bill Murray codified Courtney's laws as follows: [Murr]
Courtney's first law: You cannot say anything interesting
(i.e., significant) about the security of a system except in
the context of a particular application and environment.
Courtney's second law: Never spend more money eliminating a
security exposure than tolerating it will cost you. (See:
acceptable risk, risk analysis.)
-- First corollary: Perfect security has infinite cost.
-- Second corollary: There is no such thing as zero risk.
Courtney's third law: There are no technical solutions to
management problems, but there are management solutions to
technical problems.