Information Security Principles

Fig: Information Security Principles

Hi Folks, 

This is our first post for you from us towards Security Fundamentals so, let's try to understand some basics goals of Information Security.

We will discuss some principles here:

• There Is No Such Thing As Absolute Security
• he Three Security Goals Are Confidentiality, Integrity, and Availability
• Defense in Depth as Strategy
• When Left on Their Own, People Tend to Make the Worst Security Decisions
• Computer Security Depends on Two Types of Requirements: Functional and Assurance
• Security Through Obscurity Is Not an Answer
• Security = Risk Management
• The Three Types of Security Controls Are Preventative, Detective, and Responsive
• Complexity Is the Enemy of Security
• Fear, Uncertainty, and Doubt Do Not Work in Selling Security
• People, Process, and Technology Are All Needed to Adequately Secure a System or Facility
• Open Disclosure of Vulnerabilities Is Good for Security