Introduction to the Rules

Frequently, there are so many interwoven elements surrounding a given situation that the best security solution becomes obscured. This causes many organizations to make bad security decisions on a regular basis. Effective security decisions must be consistent and based on sound reasoning that balances both the immediate and long-term impacts. A decision made about one security issue should be in line with previous decisions and with those decisions that will be made in the future. Making ad hoc decisions will eventually lead to flawed security practices. Thus, security is best approached as a series of rules based on the fundamental virtues we just discussed.

Making security decisions from a standard series of logical, constant, and universal rules is a common practice among good security professionals. Often unaware of it, the best security professionals simply follow a similar series of logical security rules over and over again. Therefore, it is reasonable to conclude that everyone can make good security decisions if they simply learn to follow similar essential rules. The eight essential rules of security are:

[Figure: the eight essential rules of security]

In a moment, we will begin a walk through the eight essential rules of security. Understanding and applying these rules will build a foundation for creating strong and formal practices through which we can make intelligent and consistent decisions. Remember while reading this section that each rule, though specific in its construct, needs to be thought of as universal in its application. The reader will, of course, quickly think of specific applications to each rule within the context of a specific situation. However, it is when we are able to retain these key concepts in our minds for all security decisions, even if they do not seem obviously applicable, that we will be ready to deal with our real security challenges. The examples I give for each rule are intended to be just that, examples. Keep in mind that when an example is given using a server, that same rule also applies to securing a physical room, writing a policy, developing an application, or any number of real-world events.



Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
EAN: 2147483647
Year: 2006
Pages: 119
Authors: Kevin Day
