10 Immutable Laws of Security
=============================
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true

#1:  If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

#2:  If a bad guy can alter the operating system on your computer, it's not your computer anymore

#3:  If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

#4:  If you allow a bad guy to upload programs to your website, it's not your website any more

#5:  Weak passwords trump strong security

#6:  A computer is only as secure as the administrator is trustworthy

#7:  Encrypted data is only as secure as the decryption key

#8:  An out of date virus scanner is only marginally better than no virus scanner at all

#9:  Absolute anonymity isn't practical, in real life or on the Web

#10: Technology is not a panacea




10 Immutable Laws of Security Administration
============================================
http://www.microsoft.com/technet/archive/community/columns/security/essays/10salaws.mspx?mfr=true

#1:  Nobody believes anything bad can happen to them, until it does

#2:  Security only works if the secure way also happens to be the easy way

#3:  If you don't keep up with security fixes, your network won't be yours for long

#4:  It doesn't do much good to install security fixes on a computer that was never secured to begin with

#5:  Eternal vigilance is the price of security

#6:  There really is someone out there trying to guess your passwords

#7:  The most secure network is a well-administered one

#8:  The difficulty of defending a network is directly proportional to its complexity

#9:  Security isn't about risk avoidance; it's about risk management

#10: Technology is not a panacea