Sunday, May 12, 2019

Twelve successful information security principles

Information security sounds like a complicated task, but it is not. Understanding what needs to be protected and how to protect it is the key to staying safe and successful.

Twelve successful information security principles

  1. There is no absolute security.

      Given enough time, tools, skill and motivation, an attacker can break through any security measure.

  2. The three security objectives are confidentiality, integrity and availability.

      Confidentiality means preventing unauthorized access. Integrity means keeping data correct and unaltered. Availability means keeping data accessible to authorized users.

  3. Use defense in depth as a strategy.

      Layer security measures so that if one fails, the others still protect the system. Protecting access has three elements: prevention, detection and response.

  4. When left to themselves, people tend to make the worst security decisions.

      Examples include being taken in by deception and choosing the easiest option over the safe one.

  5. Computer security depends on two types of requirements: functionality and assurance.

      Functional requirements describe what the system should do. Assurance requirements describe how the functional requirements are implemented and tested.

  6. Security through obscurity is not an answer.

      Security through obscurity means relying on the secrecy of a mechanism's details to protect the system. The problem is that once the secret is exposed, the entire system is compromised. The best way to avoid this is to make sure that no single mechanism is solely responsible for security.

  7. Security = risk management.

      Security work is a careful balance between the level of risk and the return expected from spending a given amount of resources. Assessing risk and budgeting resources accordingly helps keep pace with security threats.

  8. Three kinds of security control: preventive, detective and reactive.

      Basically, this principle says that security controls should include mechanisms to prevent compromises, to detect them, and to respond to them, either in real time or afterwards.

  9. Complexity is the enemy.

      Making a network or system too complex makes security harder to implement.

  10. Fear, uncertainty and doubt don't work.

      Trying to "scare" management into spending money on security is not a good way to get the resources you need. Explaining what is needed and why is the best way to get them.

  11. People, processes and technology are all needed to protect systems or facilities.

      People need to use processes and technologies to protect the system. For example, it takes a person [people] to install and configure [process] a firewall [technology].

  12. Disclosure of vulnerabilities is good.

      Let people know about patches and fixes. Not telling users about a problem is not good for business.
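The prevention, detection and response elements named in principles 3 and 8 are easiest to see when they act on the same events. The following Python script is an added example, not part of the original post: it runs over a constructed, sshd-style authentication log and applies three controls in order. A preventive policy refuses network logins for a denied account (the hypothetical `DENIED_USERS` set, standing in for a setting such as refusing root logins); a detective rule alerts when one source address fails four times inside a 60-second window; and the response blocks that source, so its later attempts are prevented before authentication. The log lines, addresses, user names and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (not from the page): a password-guessing burst
# from 203.0.113.7, a normal key-based login, one root attempt and one stray failure.
SAMPLE_LOG = """\
2019-05-12T10:00:01 sshd[2101]: Failed password for admin from 203.0.113.7 port 51234
2019-05-12T10:00:03 sshd[2101]: Failed password for admin from 203.0.113.7 port 51236
2019-05-12T10:00:05 sshd[2101]: Failed password for admin from 203.0.113.7 port 51240
2019-05-12T10:00:08 sshd[2101]: Failed password for admin from 203.0.113.7 port 51244
2019-05-12T10:00:09 sshd[2101]: Failed password for admin from 203.0.113.7 port 51245
2019-05-12T10:00:12 sshd[2101]: Accepted publickey for alice from 198.51.100.20 port 40022
2019-05-12T10:00:15 sshd[2101]: Failed password for root from 198.51.100.20 port 40025
2019-05-12T10:05:00 sshd[2101]: Failed password for bob from 198.51.100.20 port 40030
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)

# Preventive control (hypothetical policy): accounts that must never log in over the network.
DENIED_USERS = {"root"}
# Detective control: alert when one source fails this many times inside the window.
THRESHOLD = 4
WINDOW_SECONDS = 60


def parse_line(line):
    """Parse one log line into a dict; return None for lines the pattern does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def analyze(log_text, threshold=THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Run the three controls over the log in order and report what each one did."""
    report = {"prevented": [], "alerts": [], "blocked": [], "accepted": []}
    recent_failures = defaultdict(deque)  # source address -> timestamps of recent failures
    blocked = set()

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src, user, ts = ev["src"], ev["user"], ev["ts"]

        # 1. Prevention: a blocked source or a denied account never reaches authentication.
        if src in blocked:
            report["prevented"].append(f"{ts.isoformat()} {src} blocked by earlier response")
            continue
        if user in DENIED_USERS:
            report["prevented"].append(f"{ts.isoformat()} {src} login as {user} refused by policy")
            continue

        if ev["result"] == "Accepted":
            report["accepted"].append(f"{ts.isoformat()} {user} from {src}")
            continue

        # 2. Detection: sliding window of failures per source address.
        window = recent_failures[src]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            report["alerts"].append(
                f"{ts.isoformat()} {src} {len(window)} failures in {window_seconds}s"
            )
            # 3. Response: block the source for the rest of the run.
            blocked.add(src)
            report["blocked"].append(src)
            window.clear()

    return report


if __name__ == "__main__":
    for control, items in analyze(SAMPLE_LOG).items():
        print(control.upper())
        for item in items:
            print("  ", item)
```

Running the script shows the layering: the fourth failure from 203.0.113.7 triggers the alert and the block, the fifth attempt from that address is prevented without being examined, the root attempt is refused by policy regardless of its password, and the single failure for bob stays below the threshold. If the detective rule were missing, the burst would only be visible in hindsight; if the response were missing, the alert would fire but the guessing would continue.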

These are by no means security measures that solve every problem. Users must know what they are facing and what they need to protect their systems or networks. Following these twelve principles will help them succeed.

Original from: Twelve successful information security principles
