Six Irrefutable Laws of Information Security

Six Irrefutable Lawsof Information Security

IT Risk and SecurityOpposing Forces Locked Down Information assets should be fully protected Open Access Reduces cost and enables use of data and systems2 Copyright © 2012 Intel Corporation. All rights reserved.

IT Risk and Security A Balancing Act Open Access Reduces cost and How do we balance: enables use of data • Access to information? and systems • Protection of information? • Legal compliance? • Privacy of data? Locked Down Information assets • Cost of controls? should be fully protected3 Copyright © 2012 Intel Corporation. All rights reserved.

You can achieve balance in your security controls by understanding the Six Irrefutable Laws of Information Security1 and making choices about your design accordingly.1 Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources

Law 1 Information wants to be free. People have a natural tendency to share information with each other—through talk, posts, and emailSharing information creates potential for leakage. Peoplemay release information that shouldn’t be set free. But sharing alsoincreases innovation. We need to make it safe to collaborate. * Other names and brands may be claimed as the property of others.5 Copyright © 2012 Intel Corporation. All rights reserved.

Law 2 Code wants to be wrong. Because people write code, it will never be 100 percent error-free. If intruders are smart and persistent, they will find a way into the software. There is no simple solution. We need to stay vigilant and ready to adjust security controls.6 Copyright © 2012 Intel Corporation. All rights reserved.

Law 3 Services want to be on. Services need to be left on so that processes and updates can run in the background. But when services are left on, security risk rises. People add to the risk by installing services like application updates. Services that “are always on” can potentially open a straight line into the system for the intruder.7 Copyright © 2012 Intel Corporation. All rights reserved.

Law 4 Users want to click. When people are connected to the Internet, they sometimes click on things without thinking. Curiosity can overcome judgment when people see interesting things on the Internet. Clicking on things make systems and people vulnerable.8 Copyright © 2012 Intel Corporation. All rights reserved.

Law 5 Even a security feature can be used for harm. The risks of code errors and services left on, leaves “holes” in security controls. Security controls are designed to create safety. But, like other software, security controls are created with code, and can be manipulated and coopted by hackers with malicious intent.9 Copyright © 2012 Intel Corporation. All rights reserved.

Law 6 The efficacy of a control deteriorates with time. We tend to set and forget about security controls, allowing them to lose effectiveness over time. Forgetting about security controls leaves systems open to risk. Hackers move fast; we need to move faster— and maintain an ongoing assessment of controls.10 Copyright © 2012 Intel Corporation. All rights reserved.

Risk surrounds and envelops us. Without understanding it, we risk everything, without capitalizing on it, we gain nothing.4 4 Glynis Breakwell – The Psychology of Risk13 Copyright © 2012 Intel Corporation. All rights reserved.

The most effective information security controls help you understand, manage, and balance the inevitable risks. If you want to know more… "Can Information Security Survive?" webinar Malcolm Harkins, Vice President and Chief Information Security Officer at Intel, talks about balancing business needs and growth with risk mitigation.14 Copyright © 2012 Intel Corporation. All rights reserved.

http://dev-www.intel.ctmsp.com	410
http://www.intel.com	319
http://localhost	229
http://10.209.246.44	201
http://communities.intel.com	147
http://qa-www.intel.ctmsp.com	84
http://www.intel.ru	49
http://10.219.204.25	48
http://www.intel.in	42
http://10.209.47.146	40
http://ec2-50-19-2-229.compute-1.amazonaws.com	39
http://www.intel.de	39
http://10.209.47.235	32
http://www.intel.co.uk	26
http://intelopenport.uat5.hosted.jivesoftware.com	24
http://www.intel.com.br	19
http://cqpreview.intel.com	13
http://www.intel.com.au	12
http://m.intel.sapienttoronto.com	10
http://www.intel.com.tw	9
http://ec2-107-21-156-86.compute-1.amazonaws.com	9
http://10.209.47.143	9
http://10.209.101.24	9
http://www.intel.es	9
http://www.intel.la	9
http://www.intel.fr	7
http://www.intel.ua	6
http://www.intel.pl	6
http://intelopenport.hosted.jivesoftware.com	4
http://www.linkedin.com	4
http://www.intel.nl	3
http://10.209.68.97	2
http://www.pentium.co.kr	2
http://10.209.246.54	2
http://www.intel.com.tr	2
http://www.intel.eu	1
http://www.intel.sg	1
http://www.intelcore.co.il	1
http://www.pentium.fr	1
http://www.pentium.co.za	1
http://qa-auth.intel.ctmsp.com	1
http://www.intel.ph	1
http://communities.intel.co.jp	1
http://www.intel.pk	1
http://www.intel.vn	1
http://192.168.1.115	1
http://www.intel.se	1
http://html.m.intel.com	1
http://ec2-23-22-209-86.compute-1.amazonaws.com	1
http://www.intel.lk	1

Six Irrefutable Laws of Information Security

by IT@Intel on Apr 19, 2012

Accessibility

Categories

Upload Details

Usage Rights

50 Embeds 1,890

Statistics

Six Irrefutable Laws of Information Security Presentation Transcript