Today when clearing up my desk, I ran across some old stained printouts called the 10 Immutable laws of security. Reading them again, I see the information still stands today so I thought why not sharing these with you.

10 Immutable Laws of Security: see essay on http://technet.microsoft.com/en-us/library/cc722487.aspx

• Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
• Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
• Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
• Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
• Law #5: Weak passwords trump strong security
• Law #6: A computer is only as secure as the administrator is trustworthy
• Law #7: Encrypted data is only as secure as the decryption key
• Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
• Law #9: Absolute anonymity isn’t practical, in real life or on the Web
• Law #10: Technology is not a panacea

10 Immutable Laws of Security Administration: see essay on http://technet.microsoft.com/en-us/library/cc722488.aspx

• Law #1: Nobody believes anything bad can happen to them, until it does
• Law #2: Security only works if the secure way also happens to be the easy way
• Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
• Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
• Law #5: Eternal vigilance is the price of security
• Law #6: There really is someone out there trying to guess your passwords
• Law #7: The most secure network is a well-administered one
• Law #8: The difficulty of defending a network is directly proportional to its complexity
• Law #9: Security isn’t about risk avoidance; it’s about risk management
• Law #10: Technology is not a panacea