As many of us in the industry followed this journey to a higher level of abstraction, we saw patterns of common myths, biases, and blind spots emerge at the risk management layer. We decided to create a new list of laws for cybersecurity risk while retaining the original laws (v2) as is (with a single slight change of “bad guy” to “bad actor” to be fully correct and inclusive).
The immutable laws of security
Busting myths, biases, and blind spots with the ten laws of cybersecurity.
learn.microsoft.com
