Twelve Information Security Principles Of Success

Information Security may sound complicated, but it isn’t. Security success is dependent on knowing what you need to protect and how to do it.

  1. Absolute security is not possible. Hackers can bypass any security measures with enough tools, skills, and time.
  2. The three security goals are confidentiality, integrity, and availability. Confidentiality is the ability to keep your data safe from unauthorized access. Integrity is the ability to maintain data unchanged and keep it pure. Availability means data must be available for authorized purposes.
  3. Defense in depth as strategy. Use layered security measures. Three elements are required to ensure access security: detection, prevention, and response.
  4. People make poor security decisions when left alone. They can fall for scams and take the easy route.
  5. Computer security has two types of requirements: functional and assurance. Functional requirements define what a system should do. Assurance requirements define how a functional requirement should be implemented and tested.
  6. Security through obscurity does not work. Security by obscurity is when the security mechanism’s details are kept secret to protect the system. The problem is that if the secret is ever revealed, the entire system can be compromised. This can be avoided by ensuring that each mechanism is secure.
  7. Security = Risk Management. Security work involves balancing the risk and reward. It is important to assess the threat and budget the resources accordingly.
  8. There are three types of security controls: preventative, detective, and responsive. This principle basically states that security controls must have mechanisms to detect and prevent compromises, and to respond in real time or later.
  9. Complexity is the enemy. Security will be more difficult to implement if a network or system is too complicated.
  10. Fear, uncertainty, and doubt are not effective. It is not a good idea to try to scare management into spending money on security. It is important to explain what is required and why, so that you can get the resources you need.
  11. To secure a facility or system, you need people, technology, and processes. To secure a system, people are required to use the technology and processes. It takes a person (people) to set up and configure (process) a firewall (technology).
  12. It is a good idea to disclose vulnerabilities. Inform people about fixes and patches. It is bad business to not inform users about problems.
