The eight rules of security
Recently I have found myself with the opportunity to continue my ambassadorial role as it comes to information security, and provide some teaching on the basics of security as it relates to business. As I sit here and reflect on just what should be covered in a span of 15 minutes to give the most in depth understanding, I realize that its not such a simple task. Traditionally, people look at the infosec field as something to do about firewalls and antivirus. They treat technology as THE solution, instead of simply the enabler. And itís this fallacy that weakens any security implementation. Security is a process, not a productÖ and should be treated as such. Through the security lifecycle, policy and procedure needs to take precedence over implementation. Itís a bigger part of the circle for a reason.
Anyways, as I think about it more I realize that there are eight components of any good security decision. This isnít new, and has been covered off in writings from people like Kevin Day years ago. And it still applies today. What it comes down to is eight simple rules (commandments so to speak) of information security.
By Dana Epp.
[ Read more ]