Dr. Roger G. Johnston is the manager of the Vulnerability Assessment Team (VAT) in the Nuclear Engineering Division at Argonne National Laboratory. The team's job is to analyze and study security devices, systems and procedures:
"The Vulnerability Assessment Team conducts extensive research in areas including anti-counterfeiting, tamper and intrusion detection, cargo security, nuclear safeguards and utilizing tools from industrial and organizational psychology factors to ensure personal safety, and many other areas."
Frequently recurring questions
Through work at Los Alamos and Argonne National Laboratories over the years, Dr. Johnston has accumulated considerable experience in identifying and resolving security issues. That experience led him to a realization:
“As a security vulnerability assessor, when doing physical security work, you must think that people are selfish, or you need to focus on specific security issues. Even having to do both at the same time can fill you with frustration at seeing the same security issues happening over and over again.”
Dr. Johnston's Pursuit
So Dr. Johnston created his list of safety maxims. I have never heard of the term "safety motto" before, so I first need to make sure that everyone has a unified understanding of its meaning:
· Motto: a statement of a universal fact or principle; a principle or rule of conduct.
Dr. Johnston further qualified his definition of safety maxims, noting that they are not theorems or absolute truths:
“Based on our experience, safety maxims are 80-90%
At first, I did not realize that Dr. Johnston's focus was on personal safety, just because his motto is very consistent with the characteristics of the IT technology field. This is my opinion; I don't know if you agree.
Favorite safety maxims
The following are my selections from Dr. Johnston’s collection of safety maxims:
· There are always unknown flaws: For a given security device, system or program, if a security vulnerability exists, in most cases it will never be discovered (by good guys or bad guys).
Dr. Johnston’s comment:
“The reason why this comes to mind is that when we do a second or third inspection of the same safety equipment, system or procedure, there are always new vulnerabilities found. Because we always find vulnerabilities that others have forgotten, the opposite is also true.”
· An assessment that does not detect defects is meaningless: an assessment that finds only a few vulnerabilities, or none at all, is worthless and wrong.
· The so-called unbreakable protection is actually vulnerable: for security devices or systems, the greatest damage comes from confident/arrogant designers, manufacturers or users, and the extent of the damage depends on the number of times they use words like "impossible" or "anti-interference."
· We all agree that something is wrong: if you are satisfied with your security situation, something will go wrong.
I am pleased to see that Dr. Johnston has a great sense of humor.
· The ignorant are fearless: people’s level of trust in security is inversely proportional to what they actually know.
Dr. Johnston’s comment:
“Safety can seem very easy if you never take the time to think about it.”
· Security is only as good as the weakest link: The effectiveness of security depends more on what is done wrong than on what is done right. This maxim is valid in all situations.
Dr. Johnston’s comment:
“Because bad guys usually attack with intent and maneuver rather than randomly.”
The following are a few of Dr. Johnston's views on top executives:
· The level of leadership is the most critical: In terms of security, what the top (non-security) managers of any company know is inversely proportional to security, which depends on two aspects: (1) how easy they think security is, and (2) how much they know about micromanaging security and how they arbitrarily tweak the rules.
· Executives tend to be self-righteous about security: the further from the center a (non-security) manager is, the more likely he or she is to think that (1) he or she understands security and (2) security is easy.
· Executives are often ignorant when talking about security in public: When a (non-security) senior manager, bureaucrat, or government official talks about security, he or she will usually express stupid, unrealistic, inaccurate and/or naive views.
My personal favorite:
· A lot of common sense about safety is not known to the average person: The key to the common sense problem is that it does not include all common sense.
The following motto explains why security problems are so slow to resolve:
· No tears before the coffin: Until there is the most obvious sign of a serious security breach, everyone will muddle along and not deal with it.
Nothing changes until overwhelming evidence emerges and there is widespread recognition that the disaster has already occurred. In other words: "Significant psychological (or physical) damage needs to be prevented before major changes in security occur."
· Don't worry about it: Pointing out security vulnerabilities (including the theoretical possibility that such vulnerabilities may exist) is often considered "irresponsible," but few people are held accountable for ignoring or covering up these vulnerabilities.
· Minimize everything: Most people think everything is safe until strong evidence comes along that proves this belief wrong. Everyone strives to meet the lowest standards.