LAWS OF SECURITY
1. RISK RECOGNITION
Recognize what can go wrong and have a plan for it.
2. YOU ARE ALWAYS BEING ATTACKED
Assume there are active threats. What do you need to protect now? What are the immediate risks?
3. NEVER TRUST INPUT
Verify the information, making sure you authenticate the source.
4. PROACTIVE DETERRENCE
Build layers and engage a threat at the outermost one. Always attack first.
5. FUNCTIONAL SECURITY
Simplify security. Know your environment and apply the fundamentals.
These laws were based on these Security Principles.
It also comes down to how to communicate risk.
Original source of the laws.
By the way, threat model it.