information security professionals should favor small and simple safeguards
over large and complex safeguards.
Complexity: Simple safeguards can be thoroughly understood and tested. Vulnerabilities can be more easily detected.
Small, simple safeguards are easier to protect than large, complex ones. It is easier to gain user acceptance of
a small, simple safeguard than a large, complex safeguard.