
The Principles and Policies of Information Security Essay Sample


Introduction

Computer networks have allowed activity that none dreamed possible hundreds of years ago; however, millions of attempts to compromise the security of computer systems are made on a daily basis. Knowing and using the 12 principles of information security allows security professionals to mitigate most threats to data security. By understanding the different types of security policies, effective policies can be put into place that ensure better information security. What security professionals must keep paramount is that 100% security is impossible to achieve.

The 12 Principles

Given enough time, a person with the right skills and proper tools can break through any lock. Relate this to a thief with a safe; eventually even a steel wall can be compromised. No matter what a person does to protect something, that protection only buys time until the security is ultimately breached (Merkow & Breithaupt, 2006).

The second principle states that all information security policies try to address at least one of these principles: confidentiality, integrity, and availability. Suppose someone gains unauthorized access to sensitive data; already the confidentiality of the data is breached. Should the user have sufficient access, the data could be changed therefore ruining its integrity. This situation could arise through access permissions being set incorrectly (Merkow & Breithaupt, 2006).

Principle three: defense in layers. Cybercriminals should always be forced to break through multiple safeguards if they are to gain access. Much like a medieval castle was built with bridges, walls, and inner walls to provide layers of defense, so too are today’s information security systems (Merkow & Breithaupt, 2006).

Principle four: people will always make poor security decisions if they are not educated to avoid such behavior. We hear so much about the dangers of opening email attachments from people unfamiliar to us; however, when presented with the possibility of seeing adult content, people inadvertently spread the Anna Kournikova virus through email in 2001 (Merkow & Breithaupt, 2006).

The fifth principle deals with functional requirements and assurance requirements. These requirements amount to satisfying the following questions: does the system do the right things, and does the system do them in the right way (Merkow & Breithaupt, 2006)? For example, does a computer run a program? Does it do so without consuming too much memory?

Principle six: obscurity does not lead to security. Once it is discovered how a system is secured, the methods are likely to be divulged to many interested parties (Merkow & Breithaupt, 2006). An example is when a secret recipe like KFC’s is discovered; soon, everyone is aware of how to go about making their own tasty chicken.

Principle seven: no security measure should ever cost more to implement than the value of what it protects (Merkow & Breithaupt, 2006). Who would ever consider spending $10 on a lock for a box that contains a few dollars in change?

Preventative, detective, and responsive security measures comprise the eighth principle. Preventative measures seek to physically keep someone or something out, while detective measures identify when preventative measures have been breached. Responsive measures include alarms that may sound to alert the proper people when other security measures have failed (Merkow & Breithaupt, 2006).

Principle nine: complexity is the enemy of security. The more complex any system becomes, the harder it becomes to secure each of its working parts (Merkow & Breithaupt, 2006). Consider the PSTN; securing this type of network is difficult because data is flowing in every direction imaginable.

Principle ten: fear, uncertainty, and doubt do not work to sell security. Managers who spend money on security want justification to ensure the expenditure makes proper business sense (Merkow & Breithaupt, 2006).

The eleventh principle presents the idea that people, process, and technology work together to secure anything. An example is adding new users to corporate networks. A form is usually filled out that a manager must approve, and then the system configuration ensures that user gets proper access (Merkow & Breithaupt, 2006).

Disclosing vulnerabilities is addressed by principle 12. Making those people who can do something about a vulnerability aware of it will get something done about it (Merkow & Breithaupt, 2006). A patch can be written or a firmware upgraded. Microsoft is always patching Vista to provide better security.

Types of Policies

Security policies come in four varieties. Program-level policies establish security programs, delegate management responsibilities, state the purpose and objective of the policy, and create a basis for policy compliance. Program-framework policies are directions for various program implementations. Examples include business continuity planning, physical security, and application development security. Issue-specific policies identify specific issues and shape the position of the organization. Finally, system-specific policies focus on specific situations that may arise in a system and define what is to be done (Merkow & Breithaupt, 2006).

Summation

Effective security systems are built with an understanding of the 12 principles. The four types of policy are instituted effectively only when the 12 principles are completely understood. What must always be remembered is that security systems are never failsafe and that the only reason they exist is to buy time.
