Five Irrefutable Laws of Information Security

Last week, Forrester held its annual Security Forum 2010 and discussed, among other topics, the need for consistent controls on our endpoint devices to ensure continuous security and network protection. In his keynote entitled What is the Most Significant Vulnerability We Face Today, Malcolm Harkins, Chief Information Security Officer at Intel Corporation cited an example of his large, security-minded corporation with 80,000 employees who recently received a malicious email. It was so carefully worded, so exact in its delivery, and so convincing that 4,400 employees actually clicked on the link provided in the email. Of the 4,400 that clicked on the link, 400 became infected and their network was at greater risk due to so many infected desktops and laptops. Harkins went on to say the biggest risk companies face today is the misperception of risk, either exaggerating or underestimating risk to IT assets and intellectual property. Therefore, managing risk is the key to surviving an inevitable attack. But we all know that is easier said than done.
According to Harkins, there are five irrefutable laws of information security that can help us frame risk more effectively and protect the precious data that increasingly lands on our endpoint devices.

Information wants to be free. Once data lands on the endpoint, it’s free. There is a much higher likelihood that data will end up in the wrong (continue reading...)