Book description
Today, a spate of best practices guides, checklists, policies, and standards pervade nearly every part of information security practice. Some are well thought out and well written, others less so. How do you evaluate them? This report explores the Information Security Practice Principles on which all security operates. Created by analysts at Indiana University’s Center for Applied Cybersecurity Research, these Principles enable you to assess any guide, policy, or standard—and even create new ones.
The Principles provide a framework to help you reason through security implications of devices and systems, regardless of how novel or new that technology may be. You’ll be able to analyze and understand security policy, technological controls, and physical security, and assess vendor solutions.
Written by the Principle’s authors, this report walks InfoSec professionals, managers and executives, and IT engineers through seven principles—Comprehensivity, Opportunity, Rigor, Minimization, Compartmentation, Fault Tolerance, and Proportionality—and explains how they apply in both technical and human/policy contexts.
Discover why many organizations have approached the Center for Applied Cybersecurity Research when they have questions about technologies, networks, and organizational structures that are unconventional, complex, or unexplored.
Product information
- Title: Security from First Principles
- Author(s):
- Release date: October 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491996904
You might also like
article
Managing Encryption Keys
This collection of shortcuts provides a practical and concise guide to securing cloud environments. It covers …
book
Security De-Engineering
With organizations facing growing security challenges from both automated and manual attacks, these incidents now represent …
book
Internet Security: How to Defend Against Attackers on the Web, 2nd Edition
The Second Edition of Security Strategies in Web Applications and Social Networking provides an in-depth look …
book
Hacker Techniques, Tools, and Incident Handling
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES! Hacker Techniques, …