10 Immutable Laws of Security Administration

  • Law #1: Nobody believes anything bad can happen to them, until it does
  • Law #2: Security only works if the secure way also happens to be the easy way
  • Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
  • Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
  • Law #5: Eternal vigilance is the price of security
  • Law #6: There really is someone out there trying to guess your passwords
  • Law #7: The most secure network is a well-administered one
  • Law #8: The difficulty of defending a network is directly proportional to its complexity
  • Law #9: Security isn’t about risk avoidance; it’s about risk management
  • Law #10: Technology is not a panacea