Let’s start with basics and see how far we can go.

When I review technology products and services, I have to review multiple layers.  The basic level to all of them is the philosophical or logical level of design.  Once that is decided on, you begin layering on top an implementation layer and considerations.  Lastly, there is the operational layer, which includes process and procedures that accompany the implementation, which is founded on the logical design.

For example, when you use a padlock to tie your bicycle to a post, you really are doing this:

Philosophical/Logical Layer – need something that will tie my movable object “the bicycle” to an immovable object “the post”

(so my bicycle will not be stolen, ergo, it is secure)

Implementation Layer – need something that is made of a hard material to break off, cut, burn, tear, sow, melt so I will select hardened metal

[so it will not be easily defeated and

(so my bicycle will not be stolen, ergo, it is secure)]

Operational Layer – need something that will help engage and disengage my security and that is easy to carry and store.  I mustn’t leave this thing in the proximity of the bicycle as attackers could simply use it.  I mustn’t forget to engage the system.  I mustn’t leave my key with a stranger who may turn to be an attacker, or collaborator, or seller of my bicycle and MANY other unwritten process and procedures that are too great to list

{so my security system stays engaged,

[so it will not be easily defeated and

(so my bicycle will not be stolen, ergo, it is secure)]}

There you go, the entire teachings of security in one simple example, which require zero technical knowledge to understand.  It was true 100 years ago and 100 years from now.

Please comment so we can have a healthy debate, and then move to Chapter 2