There is no holy bible of information security. The question in general is not ``How do I achieve complete immunity?'', the question really is ``what are my vulnerabilities, and what protection is sensible?'' No system can be made a 100% secure. To quote Cheswick and Bellovin on this matter:
``One cannot have complete safety; to pursue that chimera is to ignore the costs of the pursuit.'' [BEL94, p.50]Vulnerabilities can be inherent to the system, they can be a result from poor installation or incompetent use, or they can be a calculated risk. Design and development of trusted systems is a difficult matter. The same also goes for managing the infrastructure. In this chapter we address a number of aspects of an adaptive security management system that may constitute a vulnerability or may lead to suboptimal and ineffective implementations. We also try to give suggestions to address some of the potential dangers.