There’s a list of over 40 Physical Security Maxims put together by Roger G. Johnston from the Argonne Vulnerability Assessment Team. They have funny names like the Huh Maxim, Yipee Maxim, Arg Maxim, and Gossip Maxim.
The following maxims are somewhat cynical and tongue-in-cheek. Nevertheless they say important things about physical security, and are essentially correct 80-90% of the time (unfortunately).
(Thanks to Bruce Schneier’s Crypto-Gram for the pointer to this list.)