Eigen’s 2008 InfoSecurity “Rules of Thumb”
Posted by: Arian Eigen Heald
Rule #1 - You can pay now, or you can pay later, but if you choose to pay later, you will pay MORE.
Rule #2 - You can outsource function, but you cannot outsource responsibility.
Rule #3 - A classic, shamelessly plagiarized: “Faster, Better, Cheaper. Pick TWO.”
Rule #4 - Make NICE with your auditors, no matter how dumb they are.
Rule #5 - The volume of company executives screaming about the “cost” of information security is inversely proportional to how much money they’ve put into it in the past.
Rule #6 - Don’t expect the best audit from the cheapest bidder. You get exactly what you pay for. Unless, of course, that’s exactly what you want. See Rule #1.
Rule #7 - Compliance with regulations is a Gentleman’s C.
Rule #8 - If you have “checkbox security,” you will have a box full of checks. Paid to other people.
Rule #9 - The skills of your IT people directly relate to the training they receive. See Rule #1.
Rule #10 - No more acronyms! PCMCIA.


