Six Irrefutable Laws of Information Security

IT Risk and Security
Opposing Forces

Locked Down: Information assets should be fully protected

Open Access: Reduces cost and enables use of data and systems




2   Copyright © 2012 Intel Corporation. All rights reserved.
IT Risk and Security
A Balancing Act

Open Access: Reduces cost and enables use of data and systems

Locked Down: Information assets should be fully protected

How do we balance:
• Access to information?
• Protection of information?
• Legal compliance?
• Privacy of data?
• Cost of controls?




You can achieve balance in your security controls by understanding the Six Irrefutable Laws of Information Security¹ and making choices about your design accordingly.

¹ Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources
Law 1: Information wants to be free.
People have a natural tendency to share information with each other through talk, posts, and email.

Sharing information creates potential for leakage. People may release information that shouldn’t be set free. But sharing also increases innovation. We need to make it safe to collaborate.

Law 2: Code wants to be wrong.
Because people write code, it will never be 100 percent error-free.

If intruders are smart and persistent, they will find a way into the software. There is no simple solution. We need to stay vigilant and ready to adjust security controls.




Law 3: Services want to be on.
Services need to be left on so that processes and updates can run in the background.

But when services are left on, security risk rises. People add to the risk by installing services like application updates. Services that “are always on” can potentially open a straight line into the system for the intruder.




Law 4: Users want to click.
When people are connected to the Internet, they sometimes click on things without thinking.

Curiosity can overcome judgment when people see interesting things on the Internet. Clicking on things makes systems and people vulnerable.




Law 5: Even a security feature can be used for harm.
The risks of code errors and services left on leave “holes” in security controls.

Security controls are designed to create safety. But, like other software, security controls are created with code, and can be manipulated and co-opted by hackers with malicious intent.




Law 6: The efficacy of a control deteriorates with time.
We tend to set and forget about security controls, allowing them to lose effectiveness over time.

Forgetting about security controls leaves systems open to risk. Hackers move fast; we need to move faster and maintain an ongoing assessment of controls.




You may think you know a threat when it approaches…




… but don’t assume you recognize the true risk.




Risk surrounds and envelops us. Without understanding it, we risk everything, without capitalizing on it, we gain nothing.⁴

⁴ Glynis Breakwell – The Psychology of Risk
The most effective information security controls help you understand, manage, and balance the inevitable risks.

If you want to know more…
"Can Information Security Survive?" webinar
Malcolm Harkins, Vice President and Chief Information Security Officer at Intel, talks about balancing business needs and growth with risk mitigation.




Learn more about Intel IT’s information security initiatives at: Intel.com/IT





Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Six Irrefutable Laws of Information Security

  • 1. Six Irrefutable Laws of Information Security
  • 2. IT Risk and Security: Opposing Forces. Locked Down: Information assets should be fully protected. Open Access: Reduces cost and enables use of data and systems. Copyright © 2012 Intel Corporation. All rights reserved.
  • 3. IT Risk and Security: A Balancing Act. Open Access: Reduces cost and enables use of data and systems. How do we balance: • Access to information? • Protection of information? • Legal compliance? • Privacy of data? • Cost of controls? Locked Down: Information assets should be fully protected.
  • 4. You can achieve balance in your security controls by understanding the Six Irrefutable Laws of Information Security [1] and making choices about your design accordingly. [1] Phil Venables 2008, adapted from Scott Culp 2000, Pete Lindstrom 2008, and other sources.
  • 5. Law 1: Information wants to be free. People have a natural tendency to share information with each other—through talk, posts, and email. Sharing information creates potential for leakage. People may release information that shouldn’t be set free. But sharing also increases innovation. We need to make it safe to collaborate. * Other names and brands may be claimed as the property of others.
  • 6. Law 2: Code wants to be wrong. Because people write code, it will never be 100 percent error-free. If intruders are smart and persistent, they will find a way into the software. There is no simple solution. We need to stay vigilant and ready to adjust security controls.
  • 7. Law 3: Services want to be on. Services need to be left on so that processes and updates can run in the background. But when services are left on, security risk rises. People add to the risk by installing services like application updates. Services that “are always on” can potentially open a straight line into the system for the intruder.
  • 8. Law 4: Users want to click. When people are connected to the Internet, they sometimes click on things without thinking. Curiosity can overcome judgment when people see interesting things on the Internet. Clicking on things makes systems and people vulnerable.
  • 9. Law 5: Even a security feature can be used for harm. The risks of code errors and services left on leave “holes” in security controls. Security controls are designed to create safety. But, like other software, security controls are created with code, and can be manipulated and co-opted by hackers with malicious intent.
  • 10. Law 6: The efficacy of a control deteriorates with time. We tend to set and forget about security controls, allowing them to lose effectiveness over time. Forgetting about security controls leaves systems open to risk. Hackers move fast; we need to move faster—and maintain an ongoing assessment of controls.
  • 11. You may think you know a threat when it approaches…
  • 12. … but don’t assume you recognize the true risk.
  • 13. Risk surrounds and envelops us. Without understanding it, we risk everything, without capitalizing on it, we gain nothing. [4] [4] Glynis Breakwell, The Psychology of Risk.
  • 14. The most effective information security controls help you understand, manage, and balance the inevitable risks. If you want to know more: "Can Information Security Survive?" webinar. Malcolm Harkins, Vice President and Chief Information Security Officer at Intel, talks about balancing business needs and growth with risk mitigation.
  • 15. Learn more about Intel IT’s information security initiatives at: Intel.com/IT