Black and white lists: Friends come and go, but enemies accumulate.
Conclusion: Both black lists and white lists are effective security measures, but these two approaches are opposites and therefore have different issues and applications. If only a few items need to be forbidden, then a black list is adequate. But if only a few items need to be permitted, then a white list is the efficient way to enforce policy.
When used in conjunction with business policy and procedures for acceptable content, white lists can be a very powerful mechanism, creating a culture of individual responsibility that enables users to access necessary business information while holding individuals to account for the information they access.
About The Advisor
James Turner is an IBRS emeritus Advisor who specialised in cyber security and risk and facilitates the CIO Cyber and Risk Network on behalf of IBRS. James has over a decade of experience as an industry analyst and advisor, researching the cyber security industry in Australia. As an IBRS Advisor, James authored over 100 IBRS Advisory papers, led dozens of executive roundtables, and presented at numerous conferences.