10 Concepts You Should Understand (Always)
Whether your skills are managerial or technical, cybersecurity has a handful of "axioms": security concepts around which everything else revolves. You cannot escape them no matter how hard you try; instead, you should master them.
- CIA/AN - confidentiality, integrity, availability / authenticity and non-repudiation - every security decision ultimately derives from these.
- Principle of proportionality - choose measures that are proportional to the risk, the business impact, and the cost of implementing them.
- Due care and due diligence - as a minimum, we always do what anyone in our position could reasonably be expected to do.
- Security as a permanent project - we repeatedly verify that measures are effective and still relevant, we continuously monitor their status, and we apply Plan-Do-Check-Act.
- Multilayered security (defense in depth) - because most security failures are not caused by a single weakness.
- Zero trust - the boundaries between systems no longer exist, there is no perimeter, and therefore it must be assumed that anyone can be an attacker.
- Secure by design, secure implicitly - security should be built into the product, not tacked on afterwards, and should be the norm.
- Data-centric security - we protect our most precious assets, which are typically data and information, not computers, networks or software.
- Automation of cybersecurity - manual measures do not work; automated, implicit and transparent measures do.
- Failure of security measures - a security failure is not only possible but probable; be prepared for it.