Friday, June 10, 2011

Microsoft's Ten Immutable Laws of Security (v2.0)

http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx

Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way. Did a decade of change mutate the Immutables? How can understanding the Laws lead to smarter security for everyone from corporations to home users? We invite you to read “Ten Immutable Laws of Security 2.0” and see for yourself.

-----------------------------------------------------------------------

The 10 Immutable Laws

  • Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
  • Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
  • Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
  • Law #4: If you allow a bad guy to run active content in your website, it's not your website any more.
  • Law #5: Weak passwords trump strong security.
  • Law #6: A computer is only as secure as the administrator is trustworthy.
  • Law #7: Encrypted data is only as secure as its decryption key.
  • Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
  • Law #9: Absolute anonymity isn't practically achievable, online or offline.
  • Law #10: Technology is not a panacea.
