Ask Yourself

Ask yourself:

  1. What am I trying to achieve?
  2. What is my threat model?
  3. What is the true, undecomposable value of that which I am protecting?

Once you have answered all of these, then:

  • What should my policy say in order to express all the above?
  • What technologies exist that will enable me to implement the above?

 

Leave a Reply