Today, a spate of best practices guides, checklists, policies, and standards pervade nearly every part of information security practice. Some are well thought out and well written, others less so. How do you evaluate them? This report explores the Information Security Practice Principles on which all security operates. Created by analysts at Indiana University’s Center for Applied Cybersecurity Research, these Principles enable you to assess any guide, policy, or standard—and even create new ones.
The Principles provide a framework to help you reason through security implications of devices and systems, regardless of how novel or new that technology may be. You’ll be able to analyze and understand security policy, technological controls, and physical security, and assess vendor solutions.
Written by the Principle’s authors, this report walks InfoSec professionals, managers and executives, and IT engineers through seven principles—Comprehensivity, Opportunity, Rigor, Minimization, Compartmentation, Fault Tolerance, and Proportionality—and explains how they apply in both technical and human/policy contexts.
Discover why many organizations have approached the Center for Applied Cybersecurity Research when they have questions about technologies, networks, and organizational structures that are unconventional, complex, or unexplored.
Table of contents
- About CACR
- 1. Comprehensivity
- 2. Opportunity
- 3. Rigor
- 4. Minimization
- 5. Compartmentation
- 6. Fault Tolerance
- 7. Proportionality
- 8. Using the Principles
- Title: Security from First Principles
- Release date: October 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491996904
You might also like
40 Algorithms Every Programmer Should Know
Learn algorithms for solving classic computer science problems with this concise guide covering everything from fundamental …
Software Engineering at Google
Today, software engineers need to know not only how to program effectively but also how to …
Head First Design Patterns, 2nd Edition
You know you don’t want to reinvent the wheel, so you look to design patterns—the lessons …
Building Microservices, 2nd Edition
Distributed systems have become more fine-grained as organizations shift from code-heavy monolithic applications to smaller, self-contained …