Today, a spate of best practices guides, checklists, policies, and standards pervade nearly every part of information security practice. Some are well thought out and well written, others less so. How do you evaluate them? This report explores the Information Security Practice Principles on which all security operates. Created by analysts at Indiana University’s Center for Applied Cybersecurity Research, these Principles enable you to assess any guide, policy, or standard—and even create new ones.
The Principles provide a framework to help you reason through security implications of devices and systems, regardless of how novel or new that technology may be. You’ll be able to analyze and understand security policy, technological controls, and physical security, and assess vendor solutions.
Written by the Principle’s authors, this report walks InfoSec professionals, managers and executives, and IT engineers through seven principles—Comprehensivity, Opportunity, Rigor, Minimization, Compartmentation, Fault Tolerance, and Proportionality—and explains how they apply in both technical and human/policy contexts.
Discover why many organizations have approached the Center for Applied Cybersecurity Research when they have questions about technologies, networks, and organizational structures that are unconventional, complex, or unexplored.
Table of contents
- About CACR
- 1. Comprehensivity
- 2. Opportunity
- 3. Rigor
- 4. Minimization
- 5. Compartmentation
- 6. Fault Tolerance
- 7. Proportionality
- 8. Using the Principles
- Title: Security from First Principles
- Release date: October 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491996904
You might also like
Python Crash Course, 2nd Edition
This is the second edition of the best selling Python book in the world. Python Crash …
Threat Modeling: Designing for Security
Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of …
CompTIA Cybersecurity Analyst CySA+ (CS0-001)
Over 21 hours of deep-dive training covering every objective in the CompTIA Cybersecurity Analyst CySA+ (CS0-001) …
The Definitive Guide to Java Platform Best Practices–Updated for Java 7, 8, and 9 Java has …