The Laws Of Security

Sept 2020

Security is fluid. However, the more you work in the security field, the more you realize that there are patterns that repeat themselves. These patterns need to be taken care of, and they form the foundation of where and how to begin assessing a situation. They lead to good practices that, like security itself, need to be constantly adapted to the current threats, the environment, and the business or function the organization performs.

To that effect, I give you the Laws of Security: a collection of lessons learned, turned into dictums that must be followed. Take them and apply them, but be aware that things will change, and you need to change with them.

1. RISK RECOGNITION

Recognize what can go wrong and have a plan for it.

2. YOU ARE ALWAYS BEING ATTACKED

Assume there are active threats. What do you need to protect now? What are the immediate risks?

3. NEVER TRUST INPUT

Verify the information, making sure you authenticate the source.

4. PROACTIVE DETERRENCE

Build layers and engage a threat at the outermost one. Always attack first.

5. FUNCTIONAL SECURITY

Simplify security. Know your environment and apply the fundamentals.



Note: This is part of The Laws Of Security website.