Part I
Applying Key Principles of Security
Chapter 1
Key Principles of Security
Managing information security is difficult. To do it well requires a combination of technical, business, and people skills, many of which are not intuitive. The foundation of information security is risk management. Without a good understanding of risk management, it is impossible to secure any large modern network. More often than not, the failure of network administrators and managers to build a secure network results in the organization's most closely held information being as secure as the lunch menu. Thus, either the lunch menu will be very secure, or the security of important information will be very weak. Neither situation is workable in the long run.
Not every network administrator is a security expert, and most need not be. However, all network administrators must understand the basics of security. There are several key principles that you can follow to secure your networks and applications. By acting on these key principles when completing your day-to-day tasks, you can secure your network even without being a security expert. And if you are a security specialist or want to become one, you must master these key principles.