- Information wants to be free. Once data lands on the endpoint, it’s free. There is a much higher likelihood that data will end up in the wrong hands if it’s on an endpoint. Consequently, be careful about what you allow to be stored on the endpoint. Implement policies that restrict data leakage on endpoints and USB devices.
- Code wants to be wrong. No matter how hard developers and engineers try, code always has flaws and bugs that open up vulnerabilities. Frequent and consistent patching is essential to keep your network protected to the highest degree possible.
- Services want to be on. Employees, partners, and customers all want access to your network. Self-service utilities and applications are no doubt a great resource, but they can also be a point of vulnerability. Frequently test and probe the security capabilities of these types of applications, and regularly look for vulnerabilities and weaknesses that may be exploited by any external or internal user.
- Users want to click. Whenever users see a button, they click on it! Email-borne viruses and malicious websites are the source of many viruses and breaches of network security. Educating your end users is an ongoing effort. People forget. They get lazy and have to be reminded about the dangers that lurk on the internet.
- Security features want to be bypassed. Sometimes a security feature can be bypassed (even when enabled) depending on the state of the device, for example when a laptop is in standby mode. Always review with your IT staff whether any security feature can be bypassed by any means.
Monday, September 20, 2010
Five Irrefutable Laws of Information Security
Apparently these come from the CISO of Intel. Look pretty good to me.