It244 the Principles and Policies of Information Security
The Principles and Policies of Information Security Computer networks have allowed activity that none dreamed possible hundreds of years ago; however, millions of attempts to compromise the security of computer systems are made on a daily basis. Knowing and using the 12 principles of information security allows security professionals to mitigate most threats to data security. By understanding the different types of security policies, effective policies can be put into place that ensure better information security. What security professionals must find paramount is that 100% secured is impossible to achieve.
The 12 Principles Given enough time, a person with the right skills and proper tools can break through any lock. Relate this to a thief with a safe; eventually even a steel wall can be compromised. No matter what a person does to protect something, that protection only buys time until the security is ultimately breached (Merkow & Breithaupt, 2006). The second principle states that all information security policies try to address at least one of these principles: confidentiality, integrity, and availability. Suppose someone gains unauthorized access to sensitive data; already the confidentiality of the data is breached. Should the user have sufficient access, the data could be changed therefore ruining its integrity. This situation could arise through access permissions being set incorrectly (Merkow & Breithaupt, 2006). Principle three: defense in layers. Cybercriminals should always be forced to break through multiple safeguards if they are to gain access. Much like a medieval castle was built with bridges, walls, and inner walls to provide layers of defense, so too are today’s information security systems (Merkow & Breithaupt, 2006). Principle four: people will always make poor security decisions if they are not educated to avoid such behavior. We hear so much about the dangers of opening email attachments from people unfamiliar to us; however when
The 12 Principles Given enough time, a person with the right skills and proper tools can break through any lock. Relate this to a thief with a safe; eventually even a steel wall can be compromised. No matter what a person does to protect something, that protection only buys time until the security is ultimately breached (Merkow & Breithaupt, 2006). The second principle states that all information security policies try to address at least one of these principles: confidentiality, integrity, and availability. Suppose someone gains unauthorized access to sensitive data; already the confidentiality of the data is breached. Should the user have sufficient access, the data could be changed therefore ruining its integrity. This situation could arise through access permissions being set incorrectly (Merkow & Breithaupt, 2006). Principle three: defense in layers. Cybercriminals should always be forced to break through multiple safeguards if they are to gain access. Much like a medieval castle was built with bridges, walls, and inner walls to provide layers of defense, so too are today’s information security systems (Merkow & Breithaupt, 2006). Principle four: people will always make poor security decisions if they are not educated to avoid such behavior. We hear so much about the dangers of opening email attachments from people unfamiliar to us; however when