
Information About Security Culture




A security culture is a set of customs shared by a community whose members may engage in illegal activities, the practice of which minimizes the risks of such activities. The central principle of all security culture, the point that cannot be emphasized enough, is that people should never be privy to any sensitive information they do not need to know.

Don't ask, don't tell. If you don't need to know something to fulfil your role, then you shouldn't be told. Don't answer any questions you don't want to, and be prepared for others to do likewise.

It should go without saying, but don't turn your friends over to your enemies. When being questioned it can be hard to distinguish between a few harmless comments and giving away vital information. The best policy is always "no comment".

Don't make it easy for your enemies to figure out what you're up to. Choose meeting locations carefully, choose the people to be involved carefully, don't discuss ideas in places likely to be insecure (such as public places or your own home), and don't use the internet for communications (certainly not without encryption).

Learn and abide by the security expectations of people you work with. Whilst you may not believe certain information to be particularly sensitive, if others do then you need to treat the information with respect. Likewise, let others know what your needs are when it comes to security - if there's already an arrest warrant out for you then tell the people you are working with.

Look out for others. Always ensure that everybody knows the risks involved with any action, and be prepared to provide them with training if necessary.

Security culture is not the same as paranoia. Good security culture will reduce paranoia because you will reduce risks and understand what risks are left unaddressed.