Six Irrefutable Laws of Information Security

How can organizations balance business needs and growth with risk mitigation and security controls? These Six Irrefutable Laws of Information security can help you achieve balance.

Presentation Transcript

  • Six Irrefutable Laws of Information Security
  • IT Risk and Security: Opposing Forces. Locked Down: Information assets should be fully protected. Open Access: Reduces cost and enables use of data and systems. Copyright © 2012 Intel Corporation. All rights reserved.
  • IT Risk and Security: A Balancing Act. Open Access: Reduces cost and enables use of data and systems. Locked Down: Information assets should be fully protected. How do we balance:
      • Access to information?
      • Protection of information?
      • Legal compliance?
      • Privacy of data?
      • Cost of controls?
  • You can achieve balance in your security controls by understanding the Six Irrefutable Laws of Information Security [1] and making choices about your design accordingly.
    [1] Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources
  • Law 1: Information wants to be free. People have a natural tendency to share information with each other—through talk, posts, and email. Sharing information creates potential for leakage. People may release information that shouldn’t be set free. But sharing also increases innovation. We need to make it safe to collaborate. * Other names and brands may be claimed as the property of others.
  • Law 2: Code wants to be wrong. Because people write code, it will never be 100 percent error-free. If intruders are smart and persistent, they will find a way into the software. There is no simple solution. We need to stay vigilant and ready to adjust security controls.
  • Law 3: Services want to be on. Services need to be left on so that processes and updates can run in the background. But when services are left on, security risk rises. People add to the risk by installing services like application updates. Services that “are always on” can potentially open a straight line into the system for the intruder.
  • Law 4: Users want to click. When people are connected to the Internet, they sometimes click on things without thinking. Curiosity can overcome judgment when people see interesting things on the Internet. Clicking on things makes systems and people vulnerable.
  • Law 5: Even a security feature can be used for harm. The risks of code errors and services left on leave “holes” in security controls. Security controls are designed to create safety. But, like other software, security controls are created with code, and can be manipulated and co-opted by hackers with malicious intent.
  • Law 6: The efficacy of a control deteriorates with time. We tend to set and forget about security controls, allowing them to lose effectiveness over time. Forgetting about security controls leaves systems open to risk. Hackers move fast; we need to move faster—and maintain an ongoing assessment of controls.
  • You may think you know a threat when it approaches…
  • … but don’t assume you recognize the true risk.
  • “Risk surrounds and envelops us. Without understanding it, we risk everything, without capitalizing on it, we gain nothing.” [4]
    [4] Glynis Breakwell – The Psychology of Risk
  • The most effective information security controls help you understand, manage, and balance the inevitable risks. If you want to know more… "Can Information Security Survive?" webinar: Malcolm Harkins, Vice President and Chief Information Security Officer at Intel, talks about balancing business needs and growth with risk mitigation.
  • Learn more about Intel IT’s information security initiatives at: Intel.com/IT