
The Principles and Policies of Information Security Essay Sample

  • Word count: 858
  • Category: security


Computer networks have enabled activity that no one dreamed possible a hundred years ago; at the same time, millions of attempts to compromise the security of computer systems are made every day. Knowing and applying the 12 principles of information security allows security professionals to mitigate most threats to data security, and understanding the different types of security policy allows effective policies to be put in place that improve information security. What security professionals must treat as paramount is that 100% security is impossible to achieve.

The 12 Principles

The first principle: given enough time, a person with the right skills and the proper tools can break through any lock. Compare this to a thief with a safe; eventually even a steel wall can be breached. Whatever a person does to protect something, that protection only buys time until the security is ultimately defeated (Merkow & Breithaupt, 2006).

The second principle states that every information security policy addresses at least one of three properties: confidentiality, integrity, and availability. Suppose someone gains unauthorized access to sensitive data; the confidentiality of the data is already breached. Should that user have sufficient access, the data could also be altered, thereby compromising its integrity. Such a situation can arise simply through access permissions being set incorrectly (Merkow & Breithaupt, 2006).

Principle three: defense in layers. Cybercriminals should always be forced to break through multiple safeguards if they are to gain access. Much like a medieval castle was built with bridges, walls, and inner walls to provide layers of defense, so too are today’s information security systems (Merkow & Breithaupt, 2006).

Principle four: people will always make poor security decisions unless they are educated to avoid such behavior. We hear constantly about the danger of opening email attachments from people we do not know; however, when presented with the possibility of seeing adult content, people inadvertently spread the Anna Kournikova virus through email in 2001 (Merkow & Breithaupt, 2006).

The fifth principle deals with functional requirements and assurance requirements. These amount to answering two questions: does the system do the right things, and does the system do them in the right way (Merkow & Breithaupt, 2006)? For example, does a computer run a program, and does it do so without consuming too much memory?

Principle six: obscurity does not lead to security. Once it is discovered how a system is secured, the methods are likely to be divulged to many interested parties (Merkow & Breithaupt, 2006). An example is when a secret recipe like KFC’s is discovered; soon, everyone is aware of how to go about making their own tasty chicken.

Principle seven: no security measure should ever cost more to implement than the value of what it protects (Merkow & Breithaupt, 2006). Who would ever consider spending $10 on a lock for a box that contains a few dollars in change?

Preventative, detective, and responsive security measures comprise the eighth principle. Preventative measures seek to physically keep someone or something out, while detective measures identify when preventative measures have been breached. Responsive measures include alarms that may sound to alert the proper people when other security measures have failed (Merkow & Breithaupt, 2006).

Principle nine: complexity is the enemy of security. The more complex a system becomes, the harder it is to secure each of its working parts (Merkow & Breithaupt, 2006). Consider the public switched telephone network (PSTN); securing this kind of network is difficult because data flows in every direction imaginable.

Principle ten: fear, uncertainty, and doubt do not work to sell security. Managers who spend money on security want justification to ensure the expenditure makes proper business sense (Merkow & Breithaupt, 2006).

The eleventh principle presents the idea that people, process, and technology work together to secure anything. An example is adding new users to a corporate network: a form is filled out, a manager must approve it, and then the system configuration ensures that the user receives the proper access (Merkow & Breithaupt, 2006).

Disclosing vulnerabilities is addressed by principle 12. Making the people who can do something about a vulnerability aware of it will get something done about it (Merkow & Breithaupt, 2006): a patch can be written or firmware upgraded. Microsoft is always patching Vista to provide better security.

Types of Policies

Security policies come in four varieties. Program-level policies establish security programs, delegate management responsibilities, state the purpose and objectives of the policy, and create a basis for policy compliance. Program-framework policies give direction for the implementation of specific programs; examples include business continuity planning, physical security, and application development security. Issue-specific policies identify particular issues and state the organization's position on them. Finally, system-specific policies focus on specific situations that may arise in a system and define what is to be done (Merkow & Breithaupt, 2006).

Summation

Effective security systems are built on an understanding of the 12 principles, and the four types of policy can be instituted effectively only when those principles are fully understood. What must always be remembered is that security systems are never failsafe and that their only purpose is to buy time.
