12 Principles

There be 12 basic principles to Information security department. The outgrowth principle is that there is no such thing as unconditional security. What this means is that with the correct tolls, skills and time any mavin can hack into a governing body. The sec principle are the three security goals, which are C. I. A Confidentiality, fair play and Availability. What this means is that everyone must consider what data they fate to be protected.It as well means that one must be sure as to whom they want to access this information and when they should access this information. The third principle is when a order is protecting their data with armed guards, cameras, safes and secured passwords. This principle is called Defense In Depth. The one-quarter principle is when people are left alone they tend to possess the worst decisions. Function and Requirements is the fifth principle for information security.Function details what the ashes should be doing and the assurance requir ements describe how the functions should be implemented. The following two questions should be asked when this principle comes into play does the system do the right thing? Does the system do the right things and in the right way. The sixth principle is that Security through Obscurity is Not an Answer. This principle simply means that if you swear that hiding information can prevent hackers from hacking into your system then you are mistaken.By misleading anyone into a sense of false security is more bad than anything. Risk Management is the seventh principle. Its simple to understand this principle, what is the consequence of this damage and would this loss occur again. The eight principles are preventative, detective and responsive controls. military issue the steps to detect the nemesis, prevent it and lastly respond while the bane is occurring or after. What this means is that it will detect the threat, try to prevent the threat from happening.Complexity is The Enemy of Se curity is the ninth principle, this means that the more interfacing with programs the more heavy it becomes to protect the data. The tenth principle is that fear, uncertainty and doubt do non when trying to use scare tactics when selling products for security. No one will by products if they feel they are extremely scared. Now a days companies want to know what they are purchasing and why they should be so fearful. The eleventh principle is that people, process, and technology are all needful to adequately secure a system or facility.This means that in order for everything to work correctly we should not base all process solely off of technology but on the people in takes to run and process the information. This process helps to curb that everything runs smoothly. The last principle is unsolved disclosures of Vulnerabilities is Good for Security, which means that by letting everyone know what can be hacked into can let the companies know what measures need to be taken to ensure that it does not happen again. If it were closed off to the world then problems that muster would never be fixed or maintained.