[Hackfest::Archive] Les 10 lois immuables de la sécurité selon Microsoft (v2.0)
UPDATE: Maintenant plus d’une quinzaine d’années!!!
UPDATE: Maintenant plus d’une quinzaine d’années!!!
Il y a une dizaine d’années, Microsoft publiait les 10 lois immuables de la sécurité. Ces 10 lois m’ont beaucoup aidé à vendre mes dossiers par le passé. Depuis, ils ont décidé de les rafraichir au goût du jour, à la 2.0 😉 Croyez-vous qu’en 10 ans, nous avons beaucoup avancé sur ces 10 lois?
The 10 Immutable Laws
- Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
- Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
- Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
- Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.
- Law #5: Weak passwords trump strong security.
- Law #6: A computer is only as secure as the administrator is trustworthy.
- Law #7: Encrypted data is only as secure as its decryption key.
- Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
- Law #9: Absolute anonymity isn’t practically achievable, online or offline.
- Law #10: Technology is not a panacea.
https://technet.microsoft.com/en-us/library/hh278941.aspx