Mar 10 2012

Security Controls and Principles

Category: Information SecurityDISC @ 11:01 pm

For security controls to be effective, apply the pillars of information security

— Principle of least privilege
— Separation of duties
— Economy of mechanisim
— Complete mediation
— Open design

  • Least privilege is Need to Know principle or default deny -essentially, don’t permit more then required to meet the business requirement to avoid extra risk
  • For separation of duties we don’t want to give any individual so much control that they become a security risk without proper check and balance inplace
  • The principle of economy of mechanism basically says that more complexity we introduce into security system, creates potential for failures
  • Complete Mediation says that control cannot be bypassed – no unofficial back doors
  • Open design – the securty of the system must not be based on the obscurity of the mechanism

    • Information Security: Principles and Practice

    2 Responses to “Security Controls and Principles”

    1. Burglar alarm monitoring says:
      June 18th, 2012 3:07 pm

      Your controls of security and its principles are very informative. Thanks for the article.

    2. Separation of Duties and ISO 27001 says:
      January 25th, 2019 4:27 pm

      […] of Duties (SoD) is not only an important principle of security but SoD control  A10.1.3 of ISO 27001  wants organizations to implement this […]

    Leave a Reply

    You must be logged in to post a comment. Login now.