SE Labs

Special Edition
Computer security testing comment and analysis from SE Labs

DE:CODED – Cyber Security First Principles

“A mugger can only attack one person at a time… cybercriminals can defraud thousands of people simultaneously.”

DE:CODED is the official podcast from SE Labs.

Listen on Apple Podcasts Listen on Spotify Listen on Google Podcasts Listen on Stitcher


Show notes for series 1, episode 4

In this episode we describe cyber security first principles.

Why can’t we just lock everything up in a safe?

Annual Report 2020

There is a lot of complexity around security, some of which is necessary but there’s also a lot of over-complication. We thought it would be a good idea to look at what security really means. Why can’t we just lock up everything in a safe and know it’s all secured?

We also have to consider that with cyber security there are targeted attacks and more generalised attacks that can affect everyone. In the physical world a mugger can only really attack one person at a time. A burglar can only case so many targets and break in every so often. Whereas cybercriminals can send tricky emails and defraud thousands of people simultaneously.

But the thing every person and business has in common is that they should follow these steps, which are to:

  1. Identify the threats
  2. Assess the risks, and
  3. Mitigate the risks

Cyber security first principles for governments

Even governments start with a few cyber security first principles. Consider the CIA Triad of:

  • Confidentiality – where you limit access to information
  • Integrity – where information is trustworthy and accurate
  • Availability – Authorised people can access the information reliably

The podcast contains this and much more content and detail.

Please subscribe to our cyber security podcast and be one of the first to hear the discussions.

Sign up to our newsletter!


  • Don’t be too secure!
  • Threat profiling
  • Infosec principles
  • General advice vs. CIA Triad


Anti-virusY1/2 – reduced interference1/2 – ransomware
FirewallsY1/2 – reduced interferenceX
Shoulder surfing awarenessYXX
Password complexity, re-use and storageY1/2 – reduced interferenceX
Update devicesY1/2 – reduced interferenceX
Encryption on devicesY1/2 – reduced interferenceX
Encryption in appsY1/2 – reduced interferenceX
1/2 – reduced interference means the advice helps with integrity, in the sense that it prevents attackers from interfering with the target. A password helps keep data integrity if it stops unauthorised access, for example. Similarly, 1/2 – ransomware indicates that anti-virus helps keep data available if it stops a ransomware attack, which is designed to make data not available!

Peek further behind the curtain with DE:CODED Circle.

If you would like access to exclusive, private content from the security testers at SE Labs, please consider applying to join DE:CODED Circle.

DE:CODED Circle is a moderated, vetted community built with the goal of sharing threat intelligence and business-focussed security knowledge to responsible peers.

Apply to DE:CODED Circle now.


Please send your comments, questions and concerns to


SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.


SE Labs Ltd
Hill Place House
55A High Street
SW19 5BA

020 3875 5000