The Laws Of Security
Originally written in Sept 2020, as part of The Laws Of Security website.
Security is fluid; however, the more you work in the security field, the more you realize that there are patterns that repeat themselves. These patterns need to be taken care of, and they form the foundation of where and how to begin to assess the situation. They lead to good practices that, like the fluidity of security, need to be constantly adapted to the current threats, the environment, and the business/function the organization performs.
To that effect, I give you the Laws of Security: a collection of lessons learned turned into must-follow dictums. Take them, apply them, but be aware that things will change, and you need to change with them.
1. RISK RECOGNITION
Recognize what can go wrong and have a plan for it.
2. YOU ARE ALWAYS BEING ATTACKED
Assume there are active threats. What do you need to protect now? What are the immediate risks?
3. NEVER TRUST INPUT
Verify the information, making sure you authenticate the source.
4. PROACTIVE DETERRENCE
Build layers and engage a threat at the outermost one. Always attack first.
5. FUNCTIONAL SECURITY
Simplify security. Know your environment and apply the fundamentals.