Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is always welcome. The five laws are a very good start towards developing a robust security program. The laws are:
- Treat everything like it’s vulnerable.
- Assume people won’t follow the rules.
- If you don’t need something, get rid of it.
- Document everything and audit regularly.
- Plan for failure.
Of course, compliance with real rules does not necessarily equal security, but these general cybersecurity “laws” are a useful reference. Still, like real regulations, some depth, and background can provide meaningful value. In some cases, the origins of these unofficial laws can add to lively debate by even the staunchest cybersecurity practitioner.