10 Immutable Laws of Security

This is from an old Microsoft document published back in 2000, but it serves as a good basis for teaching people about proper use of their computers. I appreciate how it emphasizes the ownership of the computer not as physical possession, but as control.

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn’t practical, in real life or on the Web
Law #10: Technology is not a panacea

#6 is very important, but how many church leaders would read this list? The people who know about the importance of security are typically the people who are directly in charge of it; everyone else would prefer to be blissfully ignorant. Who verifies the integrity and preparedness of the system administrator where you are? If you are the system administrator, who is watching you? If nobody is, then maybe you should request it.

You can read the details here: 10 Immutable Laws of Security.
