Function and Requirements is the fifth principle for information security. Function details what the system should be doing, and the assurance requirements describe how the functions should be implemented. Two questions should be asked when this principle comes into play: Does the system do the right thing? Does the system do the right things, and in the right way? The sixth principle is that Security through Obscurity is Not an Answer. This principle simply means that if you believe that hiding information can prevent hackers from hacking into your system, then you are mistaken. Misleading anyone into a false sense of security is more detrimental than anything. Risk Management is the seventh principle. This principle is simple to understand: what is the consequence of this loss, and would this loss occur again? The eighth principle is preventative, detective and responsive controls. Take the steps to detect the threat, prevent it and, lastly, respond while the threat is occurring or after. This means that the controls will detect the threat and try to prevent the threat from happening. Complexity is The Enemy of Security is the ninth