Ten Laws for Security

In this book the author presents ten key laws governing information security. He addresses topics such as attacks, vulnerabilities, threats, designing security, identifying key IP assets, authentication, and social engineering. The informal style draws on his experience in the area of video protection and DRM, while the text is supplemented with introductions to the core formal technical ideas. It will be of interest to professionals and researchers engaged with information security.

Presents key laws governing information security

Valuable insights for professionals and researchers engaged with information security

Draws on author’s considerable practical business experience in content security at Sony Pictures Entertainment and at Technicolor (Thomson)

I hope that you will enjoy this book. Should you have any questions, or would like more information, do not hesitate to contact me at this address.


The book is published by Springer and is available. It can be purchased here.

The book’s flyer is available here.

Table of Contents

Foreword by David Naccache


Law 1 – Attackers will always find their way

  • Examples
  • Analysis
  • Take away
  • Summary

Law 2 – Know the Assets to Protect

Law 3 – No security through obscurity

Law 4 – Trust No One

Law 5 – Si Vis Pacem, Para Bellum

Law 6 – Security is no stronger than its weakest link

Law 7 – You are the Weakest Link

Law 8 – If you watch the Internet, the Internet is watching you

Law 9 – Quis custodiet ipsos custodes?

Law 10 – Security is not a product, security is a process


Abbreviations – Acronyms


Appendix A: A short introduction to cryptography

  • Asymmetric Cryptography
  • Hash functions

Appendix B: Other ten (or more) laws of security

  • Microsoft
  • Building secure software
  • What hackers don’t want you to know