LAWS OF SECURITY

1. RISK RECOGNITION

Recognize what can go wrong and have a plan for it.

Assume there are active threats, what do you need to protect now? What are the immediate risks?

Verify the information, making sure you authenticate the source.

Build layers and engage a threat at the outermost one. Always attack first.

Simplify security. Know your environment and apply the fundamentals.

More Info

These laws were based on these Security Principles.
It also comes down to how to communicate risk.
Original source of the laws.

By the way, threat model it.