Security Controls and Principles
Filed in Information Security on Oct.08, 2009
Principles of Information Security
For security controls to be effective, apply the pillars of information security:
– Principle of least privilege
– Separation of duties
– Economy of mechanism
– Complete mediation
– Open design
Least Privilege
• “Need to Know”
• Default deny – essentially, don’t permit any more to occur than is required to meet business or functional objectives
• Anything extra introduces risk
Separation of Duties
• The [...]

