Chapter 7. Proportionality

If the highest aim of a captain were to preserve his ship, he would keep it in port forever.

Thomas Aquinas

The Principle: Tailor security strategies to the magnitude of the risks, accounting for the practical constraints imposed by the mission and the environment.

Key Question: Is this worth it?

Related Concepts: Risk Management and Acceptance, Usability

Proportionality is the Principle of balance: it is where you consider the costs of security, the security’s impact on usability and user experience, the security’s efficacy in furthering the mission, and any other competing factors, and combine these considerations to determine what and how much security will be the best fit.

There is more to the world than keeping things safe and secure. Indeed, security is meaningless without reference to some larger mission. No one buys a safe just to have a safe: you buy the safe to protect something of (likely greater) value or sensitivity. Proportionality is about keeping this relationship—between security and the larger mission—in appropriate balance. Is spending $1,000 to secure a single $100 bill a good idea? No. Similarly, spending only $25 to secure that same $100 bill could still be considered good security, even if the bill were ultimately stolen. Proportionality is where you need to look at the bigger picture, and make a judgment call about what will produce the best outcome overall.

Proportionality is also crucial in creating buy-in for all of the ...
