Principles of Security
Your Name Axia College of University of Phoenix
Introduction

This paper introduces the 12 principles of information security, how they relate to real-life situations, and the four types of security policies. Explaining the fundamentals of information security principles brings an understanding of good security practices and of how each one is applied to different life situations.

Principles of Information Security

Principle 1: No absolute security.
This principle entails safe-lock considerations (a safe lock is tamper resistant, but can still be broken through) and the safe-lock approach (an evaluation is given after testers get sufficient time and tools).

Principle 2: Security goals are confidentiality, integrity and availability.
Confidentiality restricts information to authorized individuals or systems (Merkow & Breithaupt, 2006). For example, an internet card transaction requires transmitting the card number from the buyer to the merchant and from the business to a processing network. Integrity means the assurance that data is not modified without permission. A real-life example of an integrity violation would be an employee who deletes important data or modifies his own salary in the company’s database. Availability is the principle that information is available when it is needed, with access guaranteed despite failures and attacks.

Principle 3: Defense in depth as strategy.
This principle is based on layered security, in which common layers provide three elements: prevention, detection and response.

Principle 4: When left on their own, people tend to make the worst security decisions.
Example: 2003...