In: Computer Science
describe the security principle of simplicity.
Because attacks can come from a variety of sources and in many ways, information security is by its very nature complex. The more complex something becomes, the more difficult it is to understand. A security guard who does not understand how motion detectors interact with infrared trip lights may not know what to do when one system alarm shows an intruder but the other does not. In addition, complex systems allow many opportunities for something to go wrong. In short, complex systems can be a thief’s ally.
The same is true with information security. Complex security systems can be hard to understand, troubleshoot, and feel secure about. As much as possible, a secure system should be simple for those on the inside to understand and use. Complex security schemes are often compromised to make them easier for trusted users to work with—yet this can also make it easier for the attackers. In short, keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a major benefit.