What is the bare minimum amount of work that can be done that can be considered making a system more secure? What items must all individuals, all organizations, and all systems address in order to improve security? I often tell people that security is not one-size-fits-all, but what is the one-size-fits-most equivalent? What is the 20% of minimum viable security implementation that will address 80% of vulnerabilities? In 2006, NIST released special publication 800-69, Guidance for Securing Microsoft Windows XP Home Edition, a series of recommendations on how individuals could secure their home computers. Weighing in at 175 pages, it was not for the faint of heart. If you stick with it until Appendix A, you’ll find this interesting quote: Appendix A contains step-by-step instructions for implementing the[…]