
A few thoughts on checklisting


How often do you use checklists as a guide through a process of system hardening or risk assessment? As a matter of fact, I could ask how often you use checklists for any purpose that requires making sure a lot of little places have been looked at.

I do almost all the time. Every time there are more than five things to take care of, I prepare a checklist. It’s reusable and, provided it’s good, you can rely on its completeness.

There’s only one “but” — checklists prevent you. They prevent you from missing things if they’re good, but they also prevent you from being creative and seeing things that are not on the list.

Conclusion? Checklists can make your life a lot easier, but they can also make it unnecessarily complicated if you don’t pay enough attention.


© 2006-2007 Michał Sobiegraj. All rights reserved. The views expressed here are my own, and not necessarily endorsed by any former or current employer.

About

This page contains a single entry from the blog posted on October 3, 2006 3:48 PM.
