LAWS OF SECURITY

1. RISK RECOGNITION

Recognize what can go wrong and have a plan for it.


2. YOU ARE ALWAYS BEING ATTACKED

Assume there are active threats. What do you need to protect now?
What are the immediate risks?


3. NEVER TRUST INPUT

Verify the information, making sure you authenticate the source.


4. PROACTIVE DETERRENCE

Build layers and engage a threat at the outermost one.
Always attack first.


5. FUNCTIONAL SECURITY

Simplify security. Know your environment and apply the fundamentals.





More Info

These laws were based on these Security Principles.
It also comes down to how to communicate risk.

Original source of the laws.

By the way, threat model it.


