Immutable Laws of Cybersecurity
foundational aspects of cybersecurity
1/27/2025 - 2 min read
The immutable laws of cybersecurity originated as a way to distill fundamental, unchanging truths about cybersecurity into easily understandable principles. These laws are designed to help organizations and individuals understand the critical and foundational aspects of security.
Law #1: If a bad actor can persuade you to run their program on your computer, it's not solely your computer anymore.
Explanation:
If you download or run a suspicious program (like clicking on a sketchy email link), a hacker can take control of your computer. Be cautious about what you open or install.
https://learn.microsoft.com/en-us/security/zero-trust/ten-laws-of-security
Law #2: If a bad actor can alter the operating system on your computer, it's not your computer anymore.
Explanation:
If someone can mess with your computer's core software (like Windows or macOS), they can control everything. Keep your system secure and updated to prevent this.
Operating System Security - GeeksforGeeks
Law #3: If a bad actor has unrestricted physical access to your computer, it's not your computer anymore.
Explanation:
If someone can physically get to your computer, they can bypass most security. Always lock your devices and don't leave them unattended.
NIST SP 800-12: Chapter 15 - Physical and Environmental Security
Law #4: If you allow a bad actor to run active content on your website, it's not your website anymore.
Explanation:
If you let someone add harmful code to your website (like through unprotected forms or uploads), they can use your site for their own purposes, like stealing data or spreading malware. Always secure your website.
Preventing Web Application Access Control Abuse | CISA
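As an added illustration of Law #4 (example code, not from the original post or from Microsoft's article): a comment form that pastes user text straight into HTML beside the hardened version that escapes it and sends a Content-Security-Policy, plus an allowlist for uploads so a user-supplied file is never rendered as a page on the site's own origin. The sample comments, header values and allowlist are constructed assumptions.

```python
import html

# Constructed sample input: two comments submitted through a web form.
# The second carries active content the site owner never intended to host.
SAMPLE_COMMENTS = [
    ("alice", "Great post, thanks!"),
    ("mallory", "<script>alert(1)</script>"),
]


def render_comment_vulnerable(author: str, body: str) -> str:
    """Law #4 failure: user text is concatenated straight into the HTML,
    so any tag or event handler in it runs in every visitor's browser."""
    return f"<li><b>{author}</b>: {body}</li>"


def render_comment_hardened(author: str, body: str) -> str:
    """Escape every user-controlled value before it reaches the HTML body;
    the browser then displays the tags as text instead of executing them."""
    return f"<li><b>{html.escape(author)}</b>: {html.escape(body)}</li>"


def render_page(comments, renderer) -> str:
    return "<ul>" + "".join(renderer(a, b) for a, b in comments) + "</ul>"


# Defence in depth (assumed policy): forbid inline scripts and scripts from
# other origins, so a missed escape still cannot load attacker-controlled code.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def html_response_headers() -> dict:
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
        "X-Content-Type-Options": "nosniff",
    }


# Uploads: only passive media types, and never served as a document of this
# origin. (The declared type must also be checked against the file bytes
# before storage; that step is outside this example.)
ALLOWED_UPLOAD_TYPES = {"image/png", "image/jpeg"}


def is_allowed_upload(declared_type: str) -> bool:
    return declared_type in ALLOWED_UPLOAD_TYPES


def upload_response_headers(declared_type: str) -> dict:
    """Serve an allowed upload as a download so an HTML or SVG file smuggled
    in as an 'image' is never executed in the site's own origin."""
    if not is_allowed_upload(declared_type):
        raise ValueError(f"upload type not allowed: {declared_type}")
    return {"Content-Type": declared_type, "Content-Disposition": "attachment",
            "X-Content-Type-Options": "nosniff"}
```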
Law #5: Weak passwords trump strong security.
Explanation:
Even the best security measures can fail if your password is easy to guess. Use strong, unique passwords and a password manager to stay safe.
How Strong Passwords Protect Your Data | CSA
Law #6: A computer is only as secure as the administrator is trustworthy.
Explanation:
If the person managing your computer or system isn’t reliable or careful, your security is at risk. Trust only responsible, knowledgeable people to handle important systems.
CIS Control 5: Account Management - CIS Controls Self Assessment Tool Document Library
Law #7: Encrypted data is only as secure as its decryption key.
Explanation:
Encryption protects your data, but if someone gets your key (like your password or encryption code), they can unlock everything. Keep your keys safe and private.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Explanation:
Antivirus software needs to stay updated to catch new threats. An old version won’t protect you from current risks, so always update it.
Ensure Your OS Antivirus and Anti-Malware Protections are Active | CISA
Law #9: Absolute anonymity isn't practically achievable, either online or offline.
Explanation:
It’s nearly impossible to stay completely anonymous. Whether online or in real life, traces of your activity (like IP addresses or camera footage) can always be found.
Protecting yourself from identity theft online (ITSAP.00.033) - Canadian Centre for Cyber Security
Law #10: Technology isn't a panacea.
Explanation:
Technology alone won’t solve all your security problems. People, processes, and vigilance are just as important as the tools you use.
The Human Factor in Information Security
Cybersecurity is about more than just software or tools. It’s about being cautious, staying updated, using strong passwords, and understanding that people and processes are just as important as technology in staying secure.