Reexamining the “5 Laws of Cybersecurity”


Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is always welcome. The five laws are a very good start towards developing a robust security program. The laws are:

  1. Treat everything like it’s vulnerable.
  2. Assume people won’t follow the rules.
  3. If you don’t need something, get rid of it.
  4. Document everything and audit regularly.
  5. Plan for failure.

Of course, compliance with real rules does not necessarily equal security, but these general cybersecurity “laws” are a useful reference. Still, as with real regulations, some depth and background add meaningful value, and in some cases the origins of these unofficial laws can spark lively debate among even the staunchest cybersecurity practitioners.

Treat Everything Like It’s Vulnerable

The first rule of cybersecurity is to treat everything as if it’s vulnerable because, of course, everything is vulnerable. Every risk management course, security certification exam, and audit mindset emphasizes that there is no such thing as a 100% secure system. Arguably,…
