Controls, security strategies, architectures, policies, standards, procedures, and
guidelines should be developed and implemented in anticipation of attack from
intelligent, rational, and irrational adversaries with harmful intent or harm
from negligent or accidental actions.
[GASSP95]
Complexity: Natural hazards may strike all susceptible assets. Adversaries will threaten systems according to their own
objectives. Information security professionals, by anticipating the objectives of potential adversaries and
defending against those objectives, will be more successful in preserving the integrity of information. It is also
the basis for the practice of assuming that any system or interface that is not controlled is assumed to have
been compromised.
fc@red.a.net