Stiennon’s laws | ThreatChaos

Fellow blogger Richard Stiennon is known for his wit and in-depth coverage of the security landscape. Now, I might have to think of him as a philosopher as well.
1. Good end point security assumes the network is hostile.
2. Good network security assumes the end point is hostile.
3. Good data security assumes the user is hostile.
Src: Stiennon’s laws | ThreatChaos

1 comment:

DrInfoSec said...

Andrew Yeomans, VP Global Information Security at Dresdner Kleinwort, proposed a 4th law in one of the LinkedIn forums:
4. Good user security assumes the data is hostile.
5. Good end point security assumes the data is hostile.
6. Good data security assumes the end point is hostile.

Since we have a chain

User — Data — End-point (or host) — Network

And each link in the chain should only trust those on either side of it with great caution.