I’m in Scotland for work and as I was riding to my hotel from the airport, there was a smattering of signs reading TO LET. In some cases there were 2 signs in two windows with the window frame acting as a separator like this TO|LET.
This isn’t particularly special. In the US it’s the equivalent of FOR RENT or SPACE AVAILABLE…except that my American brain kept translating it to TOILET. To the point that I idly wondered why the Scots need so many toilets. I knew that the signs read TO LET, but in the US, that group of letters is more likely to lead to a toilet than to an apartment for rent. My brain kept filling in the missing letter I with each sign we passed.
There’s no real lesson here except to be careful when filling in the blanks automatically. Because if you really need a toilet, that missing letter is important.
The problem with security books is that they fall into one of two camps. Security books written by auditors explain good security principles, but don’t offer enough detail for use in a specific application. Books written for applications are often filled with details on boxes to check, but thin on important concepts like mitigating controls.
With the Security and Audit Field Manual, we’ve tried to tackle both. Each chapter addresses a set of security principles and details how those principles can be applied using features in Dynamics 365. What makes these books work is that good principles are good principles regardless of the software involved. The key, the expertise, is in applying those principles to a specific piece of software, without losing the principle in the process.