Steven JW Kennedy


Principles of Quantum Security

Posted by Steven Kennedy on April 24, 2008

There is an article in this month’s TechNet magazine called ‘Principles of Quantum Security’, written by Jesper Johansson.

I found this quite an interesting read. It’s targeted at IT security pros, but it does contain some scientific analogies that are probably more meaningful for readers with a science/engineering background.

You need to read the whole article to get the full impact; however, the key argument/discussion point of the article is that when we implement some sort of IT security mitigation, we change the system that we’ve implemented the mitigation against. This means that the mitigation becomes part of the system, and we should be re-evaluating the security posture of the system to see what effect, if any, the mitigation has had. That is, what’s the ripple effect? An example Jesper uses is that of IDSes. If you implement IDSes to mitigate a risk, in all likelihood you’re going to have the logs go to a central system. Doing so probably means that some sort of privileged account is used. Therefore you now have additional systems/services that, if they’re compromised, could give access to a privileged account … etc. Hence the law of unintended consequences.
