Rule #1 – You can pay now, or you can pay later, but if you choose to pay later, you will pay MORE.
Rule #2 – You can outsource function, but you cannot outsource responsibility.
Rule #3 – A classic, shamelessly plagiarized: “Faster, Better, Cheaper. Pick TWO.”
Rule #4 – Make NICE with your auditors, no matter how dumb they are.
Rule # 5 – The volume of company executives screaming about the “cost” of information security is the direct inverse of how little money they’ve put into it in the past.
Rule # 6 – Don’t expect the best audit from the cheapest bidder. You get exactly what you pay for. Unless, of course, that’s exactly what you want. See Rule #1.
Rule # 7 – Compliance with regulations is a Gentleman’s C.
Rule # 8 – If you have “checkbox security,” you will have a box full of checks. Paid to other people.
Rule # 9 – The skills of your IT people directly relate to the training they receive. See Rule #1.
Rule #10 – No more acronyms! PCMCIA.