Security Principles

Work In Progress...

  1. Do No Harm
  2. Least Privilege
  3. Defense in Depth
  4. Security isn't an ROI calculation
  5. It is impossible to eliminate all risks

Additional Candidate Principles...

  • Rules of Risk Calculation and Mitigating Controls

  • Not all risks must be mitigated

  • Security is not just keeping the bad guys out

  • CIA Triad

    • Confidentiality
    • Integrity
    • Availability
  • Prevention, Detection, Deterrents

  • Prevention fails

  • Security vs. Convenience