Book Description
Today, a spate of best practices guides, checklists, policies, and standards pervade nearly every part of information security practice. Some are well thought out and well written, others less so. How do you evaluate them? This report explores the Information Security Practice Principles on which all security operates. Created by analysts at Indiana University’s Center for Applied Cybersecurity Research, these Principles enable you to assess any guide, policy, or standard—and even create new ones.
The Principles provide a framework to help you reason through security implications of devices and systems, regardless of how novel or new that technology may be. You’ll be able to analyze and understand security policy, technological controls, and physical security, and assess vendor solutions.
Written by the Principle’s authors, this report walks InfoSec professionals, managers and executives, and IT engineers through seven principles—Comprehensivity, Opportunity, Rigor, Minimization, Compartmentation, Fault Tolerance, and Proportionality—and explains how they apply in both technical and human/policy contexts.
Discover why many organizations have approached the Center for Applied Cybersecurity Research when they have questions about technologies, networks, and organizational structures that are unconventional, complex, or unexplored.