We recently released the\u00a0Cisco 2015 Annual Security Report\u00a0and have now used it as a platform to introduce the inaugural Cisco Security Manifesto. Our motivation for creating this set of security principles was to underscore to organizations that they must be more dynamic in their approach to security so they can become more adaptive and innovative than adversaries\u2014and better protect users.\nHere\u2019s a quick overview of the five basic principles of the Cisco Security Manifesto:\n\n\n \n Cisco Security Manifesto: 2015 Annual Security Report from Cisco Business Insights\n\n\n\n\nSecurity must be considered a growth engine for the business.\u00a0Security can\u2019t stand in the way of user productivity and business innovation. It is less likely to become a roadblock if security teams are included in conversations about new technology deployments.\nSecurity must work with existing architecture and be usable.\u00a0\u201cArchitecture overload\u201d is what drives users to circumvent security architecture, leaving the organization less secure.\nSecurity must be transparent and informative.\u00a0If users can\u2019t take a certain action because of security, they should be told why\u2014and be offered a safer way to achieve their goals, if possible.\nSecurity must enable visibility and appropriate action.\u00a0Security teams need to be able to verify that the security solutions the organization relies on are truly effective.\nSecurity must be viewed as a \u201cpeople problem.\u201d\u00a0People, processes, and technology together must form the defense against today\u2019s threats. Security technologies are merely tools.\n\nFor some time now, we at Cisco have been saying that to deal with today\u2019s biggest security challenges, organizations need a simpler, scalable, threat-centric approach that addresses security across the entire attack continuum\u2014before, during, and after an attack. The Cisco Security Manifesto is intended to help organizations evolve toward that approach, and gain a broader view of the attack continuum.\nWhile many threats can be avoided, compromise is inevitable. \u201cReal-world security\u201d means not only having the ability to reduce the time to resolution when compromise does happen, but also to keep users, the ultimate assets, protected. And it has never been more important for security teams to focus on improving user protection. As the\u00a0Cisco 2015 Annual Security Report\u00a0explains, users are not only targets for today\u2019s adversaries, but they are also now \u201cthe complicit enablers of attacks.\u201d\nWe suggest that embracing the principles in the Cisco Security Manifesto, or a similar set of guidelines, will better position organizations to help every user\u2014from the chief executive to the newest hire\u2014to understand their place in the \u201cbig picture\u201d of security. When users no longer need to engage in risky behavior for the sake of doing their jobs and also understand the potential security consequences of their actions, security teams can better protect them. And better-protected users are far less valuable to adversaries who rely on them to be weak links in the security chain.\nAs they say, knowledge is power.