Murphy's Law, Cyber Defense and Blue Team Operations
How Murphy's Law Ties into Blue Team Cyber Defense Since Murphy's Law means that anything bad can happen at anytime to anyone, and there are no guarantees, we must base our cyber security philosophy, psychology, strategies, policies, plans, methods and tactics on that exact premise and assumption. We must work and plan from the assumption that there are no guarantees, when we can. This can be our strength, rather than our weakness. But also, we must be careful so this does not paralyze us from taking risks, because not doing something can also make things worse. That is also a catch-22 of Murphy's Law. This means we should, wherever and whenever possible, forbid “riding on luck” and instead deliberately assure as much as we can, however we can, and wherever we can. It means we take smart, calculated risks and build in countermeasures and compensating controls , rather than not, in our most critical places,...