This morning I was out running some errands and NPR had an interview with a David Sklansky a poker player who wrote a book called “The Theory Of Poker” and he said the most important thing to remember about poker is that:
Poker Is Fundamentally A Battle Of Mistakes
That quote stuck with me all day and when I got some time to sit down and Google it tonight I found this amazing excerpt from his book:
Every time you play a hand differently from the way you would have played it if you could see all your opponents’ cards, they gain; and every time you play your hand the same way you would have played it if you could see all their cards, they lose.
Lets make this about security:
Every time you secure your network differently from the way you would have if you could see all your opponents’ attacks, they gain; and every time you secure your network the same way you would have if you could see all their attacks, they lose.
Poker players spend just as much time while at the table thinking about who they are playing than what they are playing. Security professionals on the other hand spend a lot of time and a lot of money trying to prevent attacks that people attacking their networks wont or cant use. I know small companies who are more worried about APT’s than they are of phishing attacks because they watched a 60 minutes story about it.
Can you answer these five questions about the people who would likely attack your network:
Who would want to attack my network?
Why are they attacking my network?
What do they want to steal or change?
Is it possible for them to access the information they want to steal?
If I were them how would I try to steal the information?
I think if you can answer those five questions you would be off to a good start on understanding the correct way to secure your network because:
Security Is Fundamentally A Battle Of Mistakes.