"Ten laws for security approaches security standards using a framework of ten fundamental principles. ... an information security team could use these laws to establish a common vision for the goals of an information security program within an organization. Finally, through its use of cases, practical analysis, takeaways, and a detailed bibliography, this book could easily be adopted as a textbook for an upper-division or graduate class in information security management and policy." (Computing Reviews, June, 2017)

Introduction.- Law 1, Attackers Will Always Find Their Way.- Law 2, Know the Assets to Protect.- Law 3, No Security Through Obscurity.- Law 4, Trust No One.- Law 5, Si Vis Pacem, Para Bellum.- Law 6, You Are the Weakest Link.- Law 7, Security Is No Stronger Than Its Weakest Link.- Law 8, If You Watch the Internet, the Internet Is Watching You.- Law 9, Quis Custodiet Ipsos Custodes? Law 10, Security Is Not a Product, Security Is a Process.- Conclusions.- Abbreviations.- Acronyms.- References.- App. A, A Short Introduction to Cryptography.

The author is the Vice President of Media and Security Technologies at Sony Pictures Entertainment. He was formerly the Vice President of the Security and Content Protection Labs at Technicolor. His main research topics are DRM for professional applications, audio and video watermarking, video fingerprinting, secure distribution of multimedia content, and copy protection. He has more than 25 years of research experience, he has filed more than 95 patents in the field, and he is involved with the main related academic conferences as an organizer and contributor.

In this book the author presents ten key laws governing information security. He addresses topics such as attacks, vulnerabilities, threats, designing security, identifying key IP assets, authentication, and social engineering. The informal style draws on his experience in the area of video protection and DRM, while the text is supplemented with introductions to the core formal technical ideas. It will be of interest to professionals and researchers engaged with information security.