There are 12 basic principles of Information Security. The first principle is that there is no such thing as absolute security. What this means is that with the right tools, skills and time, anyone can break into a system. The second principle is the three security goals, known as C.I.A.: Confidentiality, Integrity and Availability. What this means is that everyone must consider which data they want protected. It also means that one must be clear about who should be allowed to access this information and when they should be able to access it. The third principle applies when a company protects its data with layered measures such as armed guards, cameras, safes and secured passwords. This principle is called Defense in Depth. The fourth principle is that when people are left on their own, they tend to make the worst security decisions.
The fifth principle of information security covers functional and assurance requirements. The functional requirements detail what the system should be doing, and the assurance requirements describe how those functions should be implemented. Two questions should be asked when this principle comes into play: does the system do the right things? And does the system do those things in the right way? The sixth principle is that Security through Obscurity is Not an Answer. This principle simply means that if you believe that hiding information can prevent hackers from breaking into your system, then you are mistaken. Misleading anyone into a false sense of security is more detrimental than anything. Risk Management is the seventh principle. It is simple to understand this principle: what is the consequence of a loss, and how likely is that loss to occur again? The eighth principle is preventative, detective and responsive controls. Take steps to detect the threat, prevent it from happening and, lastly, respond to it while the threat is occurring or after it has passed. Complexity is The Enemy of Security is the ninth...