Ten Laws of IT Security
According to Microsoft, these are the ten laws of IT security:
- Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
- Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
- Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
- Law #4: If you allow a bad guy to upload programs to your website, it’s not your website anymore
- Law #5: Weak passwords trump strong security
- Law #6: A computer is only as secure as the administrator is trustworthy
- Law #7: Encrypted data is only as secure as the decryption key
- Law #8: An out-of-date virus scanner is only marginally better than no virus scanner at all
- Law #9: Absolute anonymity isn’t practical, in real life or on the Web
- Law #10: Technology is not a panacea
I have to admit, these are all pretty rock solid. What would you add as a law of security? Put it in the comments.
8 Responses to “Ten Laws of IT Security”
-
Travesty Says:
March 15th, 2009 at 8:17 am
Law #11: Technology does not replace people management.
-
Light & Dark Says:
March 15th, 2009 at 9:27 am
Not adding, but reinforcing #3. Have had multiple instances of trying to reinforce that for clients. They insist that because they have “strong passwords” on the machine, my concern about physical security is over-hyped.
Three minutes with a Linux boot disk to reset the admin password and I’m surfing their email and files. The look on their faces is usually priceless.
Paul
-
Robb Says:
March 15th, 2009 at 9:49 am
Law #11: Do not assume what your virus scanner does not flag is trustworthy, or: Virus scanners are like a bullet-proof vest - they don’t make you immune to bullets.
Law #12: Good security demands a layered approach.
-
Mystech Says:
March 15th, 2009 at 11:35 am
It might fall under #9, but I’ve always been a fan of “obscurity is not security”.
-
Adrian Says:
March 15th, 2009 at 5:15 pm
Law #0: Installing a fundamentally insecure operating system and then attempting to plug the holes is a losing game.
-
David Engel Says:
March 16th, 2009 at 2:55 pm
Addendum to Law #2: Trusting someone else to control your operating system means that it is no longer your computer.
-
geekamongus Says:
March 17th, 2009 at 6:36 am
If it begins with M and ends with T, and has I-C-R-O-S-O-F in the middle, you better go with Linux or Mac.
-
JohnDoe Says:
April 1st, 2009 at 3:07 am
I’m in with geekamongus on that.. :-)