The Laws of Security

LAWS OF SECURITY 2.0

1. KNOW WHAT YOU HAVE

You can’t protect what you don’t know exists. Inventory and visibility are the foundation.

2. MAKE IT HARD TO BREAK

Strong defaults, least privilege, and simple defenses raise the attacker’s cost.

3. SEE TROUBLE FAST

Detection matters more than perfection. Spot what slips through before it spreads.

4. LIMIT AND RECOVER

Contain damage quickly, then restore. Every recovery is a chance to come back stronger.

These four laws form a closed loop:

You can’t defend or detect without knowing what you have. You can’t reliably detect if the baseline isn’t hardened. You can’t contain if you don’t detect. You can’t sustain if you don’t recover, and recovery feeds back into knowing and strengthening what you have.

Remember: "Know. Harden. See. Recover."

Original source of the laws.