Principles of Software Security
June 29, 2010
Secure the weakest link
Low-hanging fruit is picked first, e.g. attackers go after the end points, not the encrypted link between them
Risk analysis identifies the weakest link
Apportion resources according to risk
Practice defense in depth
One layer is never enough
Overlapping & redundant
Fail securely
Failure is unavoidable, so design for it: an error inside a security check must default to deny, never to allow
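An added example of the fail-securely principle, not part of the original slides: the same authorization check written fail-open (any error lets the request through) and fail-closed (any error denies). The policy table and the PolicyStore backend are constructed stand-ins; the unavailable backend models the outage case.

```python
"""Added example (not from the original slides): fail-open vs fail-closed authorization."""
import logging

log = logging.getLogger("authz")

# Constructed sample policy: which users may perform which actions.
POLICY = {
    "alice": {"read", "write"},
    "bob": {"read"},
}


class PolicyStore:
    """Stand-in for a policy backend that can be unavailable (assumed API)."""

    def __init__(self, policy, available=True):
        self.policy = policy
        self.available = available

    def permissions(self, user):
        if not self.available:
            raise ConnectionError("policy backend unreachable")
        return self.policy[user]        # KeyError for unknown users


def is_allowed_fail_open(store, user, action):
    """The bug: any failure in the check is treated as 'allow'.

    An outage, a typo in a username or a broken backend all grant access.
    """
    try:
        return action in store.permissions(user)
    except Exception:
        return True     # "don't break the app when the backend is down"


def is_allowed_fail_closed(store, user, action):
    """Fail securely: unknown user, outage or any other error means deny."""
    try:
        return action in store.permissions(user)
    except KeyError:
        log.warning("deny: unknown user %r", user)
        return False
    except Exception as exc:
        log.error("deny: authorization check failed: %s", exc)
        return False


if __name__ == "__main__":
    for store_name, store in (("up", PolicyStore(POLICY)),
                              ("down", PolicyStore(POLICY, available=False))):
        for user, action in (("alice", "write"), ("bob", "write"), ("mallory", "read")):
            print(store_name, user, action,
                  "open:", is_allowed_fail_open(store, user, action),
                  "closed:", is_allowed_fail_closed(store, user, action))
```

The fail-closed version also logs the reason, so an outage shows up as a burst of denials in the logs instead of as silently granted access.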
Allow least privilege
Only the minimum access is allowed
For the minimum time
e.g. hold root only long enough to bind the privileged port, then drop it permanently
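An added example of least privilege for the minimum time, not part of the original slides: a process that has done its one privileged step drops root permanently and verifies that it cannot climb back. It assumes Linux (setresuid/setresgid and getresuid) and, when started as root, a target uid/gid of 65534 (nobody on most Linux systems); the drop is done in a forked child so the caller's own identity is untouched.

```python
"""Added example (not from the original slides): drop root permanently after a privileged step."""
import json
import os


def drop_privileges(uid: int, gid: int) -> None:
    """Permanently give up elevated privileges.

    Order matters: supplementary groups and the gid are dropped first,
    because once the uid is non-zero the process can no longer change its
    groups. setres* sets real, effective and saved ids together so the
    saved uid cannot be used to regain root later.
    """
    if os.geteuid() == 0:
        os.setgroups([])                    # needs root, so do it first
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    # Verify, rather than assume, that the drop took effect.
    if os.getresuid() != (uid, uid, uid) or os.getresgid() != (gid, gid, gid):
        raise RuntimeError("privilege drop did not take effect")


def reelevation_blocked() -> bool:
    """True if the process can no longer regain root via the saved uid."""
    try:
        os.setuid(0)
    except PermissionError:
        return True
    return False                            # got root back: the drop was incomplete


def demonstrate() -> dict:
    """Run drop_privileges in a forked child and report what the child sees.

    Root drops to 65534/65534 (nobody on most Linux systems; an assumption).
    An already unprivileged caller drops to its current ids, which still
    exercises the same calls and the re-elevation check.
    """
    if os.geteuid() == 0:
        target = (65534, 65534)
    else:
        target = (os.getuid(), os.getgid())
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                            # child: do the drop, report, exit
        os.close(r)
        try:
            drop_privileges(*target)
            result = {"uid": os.getresuid(), "gid": os.getresgid(),
                      "reelevation_blocked": reelevation_blocked()}
        except OSError as exc:
            result = {"error": str(exc)}
        os.write(w, json.dumps(result).encode())
        os._exit(0)
    os.close(w)                             # parent: collect the child's report
    data = b""
    while True:
        chunk = os.read(r, 4096)
        if not chunk:
            break
        data += chunk
    os.close(r)
    os.waitpid(pid, 0)
    return json.loads(data)


if __name__ == "__main__":
    print(demonstrate())
```

The common mistake this guards against is calling setuid alone: on many systems that leaves the saved uid at 0, and a later setuid(0) quietly restores root, so the re-elevation check belongs in the code and not just in a review comment.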
Compartmentalize
Break system into encapsulated units
Keep it simple
Complexity increases risk
Complex code is harder to review and harder to fix
Choke points: funnel security-critical operations (input validation, authorization) through a few well-defined places, so there is less to get right
Promote privacy
Not necessarily security, but desirable
Give out only minimum data, ‘need to know’
Remember that hiding secrets is hard
Binaries can be reverse engineered
Insider attacks are the most common kind of attack, and insiders already have the secrets
Be reluctant to trust
Don’t assume shrink-wrap software is secure
Beware of customer support channels, a favourite social-engineering target
Don’t trust trusted software too far
Use your community resources
Prefer open, widely reviewed components from trusted sources over home-grown ones