
372 Cyberpower
Hence, it is management’s responsibility to provide the necessary means for
the implementation and administration of a security plan.
Financial principle: the cost of security and the control measures must be
proportional to the risks and known to the users.
Simplicity and universality principle: security measures must be simple,
exible, understandable, and applicable to everybody.
Dynamic principle: security must be dynamic in order to integrate the tem-
poral dimension and the evolution of requirements.
Continuum principle: the enterprise must continue to function even after
an incident. Emergency and recovery procedures are required ...