Mar 10 2012

Security Controls and Principles

Category: Information Security | DISC @ 11:01 pm

For security controls to be effective, apply the pillars of information security:

— Principle of least privilege
— Separation of duties
— Economy of mechanism
— Complete mediation
— Open design

  • Least privilege is the need-to-know principle, or default deny: essentially, do not permit more than is required to meet the business requirement, so as not to take on extra risk
  • For separation of duties, we do not want to give any individual so much control that they become a security risk without proper checks and balances in place
  • The principle of economy of mechanism basically says that the more complexity we introduce into a security system, the more potential for failure we create
  • Complete mediation says that the control cannot be bypassed; there are no unofficial back doors
  • Open design: the security of the system must not be based on the obscurity of the mechanism
  • Information Security: Principles and Practice
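
As an added illustration (not from the original post), the following constructed example shows the five principles applied to one small approval workflow: a role table that grants only what each job needs with everything else denied by default, a separation-of-duties rule that stops one person from both creating and approving the same payment, and a single `authorize()` function that every state change must pass through. The users, roles, actions and `Payment` type are all assumed for the example.

```python
from dataclasses import dataclass, field

# Constructed sample policy (not from the original post). Each role lists only the
# permissions its job needs; anything absent is denied (least privilege, default deny).
ROLE_PERMISSIONS = {
    "clerk": {"payment:create"},
    "approver": {"payment:approve"},
    "auditor": {"payment:read"},
}
# Separation of duties: one person must not both create and approve the same payment.
SOD_CONFLICTS = {frozenset({"payment:create", "payment:approve"})}

@dataclass
class Payment:
    pid: str
    amount: int
    history: list = field(default_factory=list)  # (user, action) pairs: the audit trail

def authorize(user: str, role: str, action: str, payment: Payment) -> bool:
    """Single choke point for every action on a payment (complete mediation).
    The policy is one small table rather than checks scattered through the code
    (economy of mechanism), and nothing relies on the rules being secret (open design)."""
    if action not in ROLE_PERMISSIONS.get(role, set()):
        return False  # default deny: unknown role, or a permission the role was never given
    for prior_user, prior_action in payment.history:
        if prior_user == user and frozenset({prior_action, action}) in SOD_CONFLICTS:
            return False  # the same person already performed the conflicting step
    return True

def perform(user: str, role: str, action: str, payment: Payment) -> bool:
    # The only path that mutates a payment, and it always goes through authorize().
    if not authorize(user, role, action, payment):
        return False
    payment.history.append((user, action))
    return True

def demo() -> dict:
    """Walk one payment through the workflow and report each decision."""
    p = Payment("PAY-1", 500)
    return {
        "clerk_creates": perform("alice", "clerk", "payment:create", p),
        "same_person_approves": perform("alice", "approver", "payment:approve", p),
        "second_person_approves": perform("bob", "approver", "payment:approve", p),
        "auditor_tries_to_approve": perform("carol", "auditor", "payment:approve", p),
        "unknown_role_reads": perform("dave", "intern", "payment:read", p),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
```

Note that `alice` is refused the approval even when presenting the `approver` role: separation of duties is enforced against the record's history, not just against the role held at the moment of the request.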

    2 Responses to “Security Controls and Principles”

    1. Burglar alarm monitoring says:

      Your controls of security and its principles are very informative. Thanks for the article.

    2. Separation of Duties and ISO 27001 says:

      […] of Duties (SoD) is not only an important principle of security but SoD control A10.1.3 of ISO 27001 wants organizations to implement this […]
