Social Sciences, asked by saikiran8701, 1 year ago

Critical concepts of information security

Answers

Answered by Bhaavya1
0
The CIA triad is a very critical concept of information security, and CIA stands for confidentiality, integrity and availability.

Answered by sarah261
2
Information Security is such a broad discipline that it’s easy to get lost in a single area and lose perspective. The discipline covers everything from how high to build the fence outside your business, all the way to how to harden a Windows 2003 server.

It’s important, however, to remember not to get caught up in the specifics. Each best practice is tied directly to a higher, more philosophical security concept, and those concepts are what I intend to discuss here.

Eric Cole’s Four Basic Security Principles

To start with, I’d like to cover Eric Cole’s four basic security principles. These four concepts should constantly be on the minds of all security professionals.

1) Know Thy System
Perhaps the most important thing when trying to defend a system is knowing that system. It doesn’t matter if it’s a castle or a Linux server — if you don’t know the ins and outs of what you’re actually defending, you have little chance of being successful.

2) Least Privilege
The next über-important concept is that of least privilege. Least privilege simply says that people and things should only be able to do what they need to do their jobs, and nothing else. The reason I include “things” is that admins often configure automated tasks that need to be able to do certain things — backups for example. Well, what often happens is the admin will just put the user doing the backup into the domain admins group — even if they could get it to work another way. Why? Because it’s easier.
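
The backup-account case described in the answer above can be audited directly. The script below is an added example and not part of the original answer: it lists every user in Domain Admins (including nested membership) and flags the ones that look like automation accounts. It assumes the ActiveDirectory (RSAT) module is installed, and the naming pattern and the three heuristics are illustrative assumptions to adapt to your own conventions.

```powershell
# Added example: find automation/service accounts sitting in Domain Admins.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$group = 'Domain Admins'
# Assumed naming convention for automation accounts; adjust to your environment.
$namePattern = '^(svc|sa|backup|task)[-_]'

$findings = Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $u = Get-ADUser -Identity $_.distinguishedName -Properties `
            servicePrincipalName, PasswordNeverExpires, LastLogonDate, Description

        # Each heuristic suggests a "thing" rather than a person.
        $reasons = @()
        if ($u.servicePrincipalName.Count -gt 0) { $reasons += 'has SPN' }
        if ($u.PasswordNeverExpires)             { $reasons += 'password never expires' }
        if ($u.SamAccountName -match $namePattern) { $reasons += 'name matches automation pattern' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                Enabled        = $u.Enabled
                LastLogonDate  = $u.LastLogonDate
                Description    = $u.Description
                Reasons        = $reasons -join '; '
            }
        }
    }

if ($findings) {
    # Review each hit: can the task run with a narrower group or delegated right?
    $findings | Sort-Object SamAccountName | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No likely automation accounts found in '$group'."
}
```

For a backup job specifically, the built-in Backup Operators group or a delegated backup right is the usual narrower alternative to Domain Admins membership.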
