What Are The Principles Of Successful Information Security?

Information security seems like a complicated task, but it actually isn't that complicated. You must know what needs to be protected and what does not; once you know that, you can set up exceptionally good security.

Twelve Information Security Principles

There is no such thing as absolute security. With the advancement of technology and tools, a hacker can break through any security measure.

There are three goals associated with information security: Confidentiality, Integrity, and Availability. Confidentiality refers to the prevention of unauthorized access. Integrity means keeping all the data untouched. Availability means giving access to authorized sources.

You must keep layers of security. In case one fails, the others will still be available. There are three elements to secure access: prevention, detection, and response.

When left on their own, people tend to make the worst security decisions. Examples include falling for scams and taking the easy way.

Computer security is dependent on two types of requirements: Functional and Assurance. Functional requirements define what a system should do. Assurance requirements describe how a functional requirement should be implemented and verified.

Security = Risk Management. Security works more efficiently if the risk factor is kept in mind on a priority basis. Assessing the risk factor and arranging security accordingly can be helpful in the long run.

There are three types of security controls: Preventative, Detective, and Responsive. Basically, this principle states that security controls should have mechanisms to stop a compromise, detect a compromise, and answer to a compromise, either in real time or after.

You must not make the network too complex. A complex network is more difficult to secure.

Trying to push management towards spending on security is not a good approach. You must explain correctly the need for a particular security resource and why it is the best.

People, process, and technology are all necessary to secure the system completely. People are needed to install a particular piece of software or technology in order to keep it all secure.

Disclosure of vulnerabilities is good. Let people know about patches and fixes. Not telling users about issues is bad for business.

Security through obscurity means relying on the idea that hiding the details of the security mechanism is sufficient to secure the system. The only problem is that if that secret ever gets out, the whole system is compromised. The best way around this is to make sure that no one mechanism is responsible for the security.

It is not possible to secure each and every thing that is available. The user must understand what needs to be secured and what they are up against. The user must then make the necessary decisions, and the above principles can help them achieve their goal.

Brainware University