The eight rules of security
Recently I have found myself with the opportunity to continue my ambassadorial role as it comes to information security, and provide some teaching on the basics of security as it relates to business. As I sit here and reflect on just what should be covered in a span of 15 minutes to give the most in depth understanding, I realize that its not such a simple task. Traditionally, people look at the infosec field as something to do about firewalls and antivirus. They treat technology as THE solution, instead of simply the enabler. And it’s this fallacy that weakens any security implementation. Security is a process, not a product… and should be treated as such. Through the security lifecycle, policy and procedure needs to take precedence over implementation. It’s a bigger part of the circle for a reason.
Anyways, as I think about it more I realize that there are eight components of any good security decision. This isn’t new, and has been covered off in writings from people like Kevin Day years ago. And it still applies today. What it comes down to is eight simple rules (commandments so to speak) of information security.
By Dana Epp.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.