rcox1 wrote:There is a school of thought that a safes main purpose is to keep sensitive materials safe long enough so a human, either through an alarm or routine patrol can interrupt the person trying to break in before the break is successful.
That is indeed the usual thinking, from what I've seen.
"There is no such thing as a security -- only managed risk." You identify potential threats and vulnerabilities. You evaluate potential countermeasures. You consider what compromise would cost. You deploy a countermeasures as the cost of compromise exceeds the cost of the countermeasures.
When it comes to typical security protection against untargeted or loosely-targeted attacks, it's a truism that security measures are just a deterrent intended to make the attacker move on to his next potential victim. "A car alarm doesn't prevent a thief from stealing your car. A car alarm makes it easier to steal the car parked next to yours."
When protecting things of value (thus attracting determined attackers), things definitely get interesting.
"It is important to realize that any lock can be picked with a big enough hammer." (Sun System Admin Manual.)
The government-approved "GSA security containers" at work have stickers on them saying they're protected for X hours of "surreptitious entry" attempts, X hours against "manipulation of the lock", and "no forced entry". As you say, their point is to keep someone out of them long enough for security personnel to respond. They are also designed to provide clear evidence of tampering. A compromised secret is bad, but when you don't *know* it's compromised, that's exponentially worse.
Keeping a low profile is always a good idea. Decoy targets, as illustrated in "Unpickable", may stop amateurs and opportunity crimes, but a real professional won't be fooled. Of course, it's also worth pointing out that attackers sometimes have different motivation. Sometimes the primary motivation isn't the nominal asset, but the associated reputation. Witness recent attacks by "Anonymous", "Lulzsec", etc.