There are 12 basic principles to Information Security.The first principle is that there is no such thing as absolute security.What this means is that with the correct tolls, skills and time anyone can hack into a system.
The second principle are the three security goals, which are C.
I. A; Confidentiality, Integrity and Availability. What this means is that everyone must consider what data they want to be protected.It also means that one must be sure as to whom they want to access this information and when they should access this information. The third principle is when a company is protecting their data with armed guards, cameras, safes and secured passwords. This principle is called Defense In Depth. The fourth principle is when people are left alone they tend to make the worst decisions.
Function and Requirements is the fifth principle for information security.Function details what the system should be doing and the assurance requirements describe how the functions should be implemented. The following two questions should be asked when this principle comes into play; does the system do the right thing? Does the system do the right things and in the right way. The sixth principle is that Security through Obscurity is Not an Answer. This principle simply means that if you believe that hiding information can prevent hackers from hacking into your system then you are mistaken.By misleading anyone into a sense of false security is more detrimental than anything. Risk Management is the seventh principle.
Its’ simple to understand this principle, what is the consequence of this loss and would this loss occur again. The eight principles are preventative, detective and responsive controls. Take the steps to detect the threat, prevent it and lastly respond while the threat is occurring or after. What this means is that it will detect the threat, try to prevent the threat from happening.Complexity is The Enemy of Security is the ninth principle, this means that the more interfacing with programs the more difficult it becomes to protect the data. The tenth principle is that fear, uncertainty and doubt do not when trying to use scare tactics when selling products for security. No one will by products if they feel they are extremely scared.
Now a days companies want to know what they are purchasing and why they should be so fearful. The eleventh principle is that people, process, and technology are all needed to adequately secure a system or facility.This means that in order for everything to work correctly we should not base all operation solely off of technology but on the people in takes to run and process the information. This process helps to ensure that everything runs smoothly. The last principle is Open disclosures of Vulnerabilities is Good for Security, which means that by letting everyone know what can be hacked into can let the companies know what measures need to be taken to ensure that it does not happen again. If it were closed off to the world then problems that arise would never be fixed or maintained.