Laws of Security: re-work needed

Filed under: Governance,People,Risk,Security,Technology — lenand @ 3:58 am

Some time ago, Peter Cochrane coined some “laws” of security. Quarkside is happy to accept them at face value, and has tried to categorise each of them under one of the three primary Quarks (Process, Governance and Technology):

  1. Resources are deployed inversely proportional to actual risk. (Governance)
  2. Perceived risk never equals actual risk. (Governance)
  3. Security people are never their own customer. (Process)
  4. Cracking systems is 100 times more fun than defending them.  (Technology)
  5. Security standards are an oxymoron. (Governance)
  6. There is always a threat.  The biggest threat always comes from a direction where you’re not looking. (Process)
  7. You need two security groups – one to defend and one to attack. (Process)
  8. People expect 100% electronic security.  (Process)
  9. Nothing is 100% secure. (Technology)
  10. Security and operational requirements are mutually exclusive. (Governance)
  11. Hackers are smarter than you – they are younger! (Process)
  12. Legislation is (and will always be) ‘greater than X’ years behind. (Governance)
  13. As life becomes faster and more chaotic it becomes less secure – but the good news is half-lives are getting shorter too. (Perplexity)
  14. People are always the biggest risk factor. Machines are perverse, but they aren’t devious… yet! (Governance)

Apart from Law 13, the categorisation seemed to work. Can anybody help?

It is not apparent that the list is Collectively Exhaustive, and the laws may not be Mutually Exclusive. Quarkside is not yet ready to devise a MECE list, but it would start top-down and try to avoid both gaps and overlaps.

