Chapter 2. Setting Up Your Security Plan

In This Chapter

  • Understanding risk

  • Assessing risks to your system's security

  • Creating your security plan

In much the same way that a house must be built on a solid foundation, so must the security of your system and sensitive information. Without a comprehensive security plan, your effort to secure your system and any sensitive data will likely fall short of your needs. Falling short on security isn't to be taken lightly because inadequate security makes the availability, integrity, and confidentiality of your system and data vulnerable to compromise. That is, your system or data might not be available to you when you need it most, or important data could be altered, lost, or stolen.

The effect of any one of these scenarios varies from person to person and is largely dependent on how much you rely on your system and just how sensitive or important your data is. Maybe you suffer a mere inconvenience — or, maybe you suffer financial damages and become an identity theft or fraud victim. However, before you batten down the hatches and implement a myriad of security controls to protect your system and data, keep balance in mind. You want a security balance that reduces your risk to a comfortable level yet still allows you to accomplish what you need to be productive.

Many security practitioners fail to achieve this balance, locking down the hatches so tight that they impede productivity. Comparatively, many not‐so‐security‐conscious users loosen security ...

Get Windows Vista Security For Dummies® now with the O’Reilly learning platform.