Mayfield's paradox

Mayfield's Paradox states that to keep everyone out of an information system requires an infinite amount of money, and to get everyone onto an information system also requires infinite money, while costs between these extremes are relatively low.[1]

The paradox is depicted as a U-curve, where the cost of a system is on the vertical axis, and the percentage of humanity that can access the system is on the horizontal axis. Acceptance of this paradox by the information security community was immediate, because it was consistent with the professional experiences of this group. Mayfield's Paradox points out that, at some point of the curve, additional security becomes unrealistically expensive. Conversely, at some point of the curve, it becomes unrealistically expensive to add additional users.

Based on the paradox, the Menz brothers developed the "Menz Theorems of Information and Physical Security". The theorems present two formulas covering access and security of both information systems and physical facilities. They are used to help determine allocation of resources and response levels.

  1. Mayfield; Cvitanic (2000). "Mathematical Proofs of Mayfield's Paradox: A Fundamental Principle of Information Security". Information Systems Control Journal. 2: 32–34. ISSN 1526-7407.