Thinking about security, I find Bruce Schneier's five question framework helpful. It is pretty much what we use in IT Security, in Beyond Fear Schneier applied it primarily to (government) security policy. I tend to buy Schneier's core argument that we do know how to and most of the time do make rational security decisions, but sometimes fear clouds our judgment. So here are five question to ask, I'll use the extra lock I have as an example. 1. What assets are you trying to protect? A: The property at my apartment (worth about 5000e or less, I really don't own a lot of stuff), and also the health of myself and my wife which is impossible for me to quantify. 2. What are the risks to these assets? A: Burglary, and related to that being attacked by the burglar. Also, main lock keys are still same as they were when I moved in so previous residents could have keys. 3. How well does the security system mitigate those risks? A: A burglar is likely to choose an apartment that doesn't have an extra lock over one that does. OTOH, all my neighbors seem to have one. In general an extra lock slows down the burglar, which is quite useful given that he has a high likely hood of being spotted by neighbors. 4. What other risks does the security system cause? In case someone needs to enter our apartment while we are away (say a fire or a leaking pipe) it will stop them from entering as we have the only keys. 5. What costs and trade-offs does the security solution impose? No direct costs as it was installed when I moved in, all though I had to redo the keys when one of them broke (~40e). I get a small discount on home insurance (~20e a year). On the other hand, if I forget to use the extra lock and someone breaks in, the insurance company may not be liable. It does make my wife feel safer for some reason. Apartment burglary is very low risk here. But wife feeling safer makes it worthwhile for me. It is very hard to do the exercise in abstract, not only are particulars different but the trade-off evaluation is highly subjective. Still, if one were to do the walk or drive thing, it really depends on what are you trying to protect: 1. What assets are you trying to protect? Personal health. 2. What are the risks to these assets? Injury or death due to an attack while walking in a bad neighborhood. 3. How well does the security system mitigate those risks? Car is a harder target than a walker for an attacker. Also attack on vehicle would require higher degree of planning, meaning it is less likely to be carried out by someone having a sudden burst of aggression. 4. What other risks does the security system cause? - The value of a target for an attacker interested in financial gain is higher by probably a factor of one hundred (assuming car has resale value of about $5000 and people typically carry about $50 in cash.) - Risk of a traffic accident is very high compared to risk of violent attack in general. 5. What costs and trade-offs does the security solution impose? Car costs money and gives freedom of movement, and is generally speaking a faster way to get around. Exercise due to walking has considerable health benefits which in general by far out weight the health risk of violent attack. So it has to be a very bad neighborhood in order for a car to make sense as security solution. But if we change what we are trying to protect to sense of security the answer may very well be different. Cheers, Teemu Helsinki, Finland __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------ To change your Lit-Ideas settings (subscribe/unsub, vacation on/off, digest on/off), visit www.andreas.com/faq-lit-ideas.html