Today, a spate of best practices guides, checklists, policies, and standards pervade nearly every part of information security practice. Some are well thought out and well written, others less so. How do you evaluate them? This report explores the Information Security Practice Principles on which all security operates. Created by analysts at Indiana University’s Center for Applied Cybersecurity Research, these Principles enable you to assess any guide, policy, or standard—and even create new ones.
The Principles provide a framework to help you reason through security implications of devices and systems, regardless of how novel or new that technology may be. You’ll be able to analyze and understand security policy, technological controls, and physical security, and assess vendor solutions.
Written by the Principle’s authors, this report walks InfoSec professionals, managers and executives, and IT engineers through seven principles—Comprehensivity, Opportunity, Rigor, Minimization, Compartmentation, Fault Tolerance, and Proportionality—and explains how they apply in both technical and human/policy contexts.
Discover why many organizations have approached the Center for Applied Cybersecurity Research when they have questions about technologies, networks, and organizational structures that are unconventional, complex, or unexplored.
Table of contents
- About CACR
- 1. Comprehensivity
- 2. Opportunity
- 3. Rigor
- 4. Minimization
- 5. Compartmentation
- 6. Fault Tolerance
- 7. Proportionality
- 8. Using the Principles
- Title: Security from First Principles
- Release date: October 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491996904
You might also like
As hacker organizations surpass drug cartels in terms of revenue generation, it is clear that the …
Advanced Internet Protocols, Services, and Applications
Today, the internet and computer networking are essential parts of business, learning, and personal communications and …
Legal Issues in Information Security
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES! Legal Issues …
Thinking Security: Stopping Next Year’s Hackers
If you’re a security or network professional, you already know the “do’s and don’ts”: run AV …