risk management

Unintended consequences

Facebook bans at work are apparently linked to increased security breaches. It seems that strict policies on social networking sites are “actually forcing users to access non-trusted sites and use tech devices that are not monitored or controlled by the company security program.” People are very adaptable, and often very determined. If you stop them doing something one way, they’ll find another. Computer security is really difficult, as it’s by no means a matter only of technology: human nature is a major factor, and often more easily predicted with the benefit of hindsight.

For instance, Bruce Schneier points out that if something’s protected with heavy security, it’s obviously worth stealing. It’s the converse of Poe’s The Purloined Letter, in which the best hiding place is in full view. Does this apply to computer systems?