For security controls to be effective, apply the pillars of information security
— Principle of least privilege
— Separation of duties
— Economy of mechanisim
— Complete mediation
— Open design
Least privilege is Need to Know principle or default deny -essentially, don’t permit more then required to meet the business requirement to avoid extra risk
For separation of duties we don’t want to give any individual so much control that they become a security risk without proper check and balance inplace
The principle of economy of mechanism basically says that more complexity we introduce into security system, creates potential for failures
Complete Mediation says that control cannot be bypassed – no unofficial back doors
Open design – the securty of the system must not be based on the obscurity of the mechanism
Information Security: Principles and Practice
June 18th, 2012 3:07 pm
Your controls of security and its principles are very informative. Thanks for the article.
January 25th, 2019 4:27 pm
[…] of Duties (SoD) is not only an important principle of security but SoD control A10.1.3 of ISO 27001 wants organizations to implement this […]