Define How to Protect It

Defining the protection process creates a framework in which to build security processes and evaluate security products. This foundation should define the attributes of the system (availability, confidentiality, integrity) which need protection, the priorities in protecting them, and the processes to be used to protect them. A number of security principles should be utilized.

Defense in Depth

No single security measure will stop all attacks against a resource's availability, confidentiality, and integrity, so multiple measures have to be used. Defense in depth says that there should be layers of security, each addressing specific security issues. This layering creates a more comprehensive security solution. It also require's that an attacker penetrate layer them to get access to the resources.

Isolation

Isolation protects processes from the side effects of other processes. The further isolated a system is from an untrusted area, the less likely it is to be compromised. Physical separation provides isolation. This can be applied to isolating networks, or power sources.

Separation of Duties

Separation of duties provides accountability by requiring different people to perform the different steps in a process. This increases the complexity of committing fraud by requiring that multiple people be involved. Having more people required to commit fraud increases opportunities for mistakes or the likelihood that someone will talk.

Least Privileges

The principle of least privilege is that a person should be given no more than the very least privileges needed, for the minimum amount of time required to perform his or her duties. This minimizes the opportunity to abuse these privileges and the possibility of accidental abuse of privileges.

The level of privileges granted should be based on a business need and justification. This exercise will help clarify the business processes and the security issues with them.

Set Minimum Security Requirements

Minimum security requirements should be defined. These will set a base line of security which must be met. Document all exceptions with a business justification and a definition of what is being done instead to mitigate the specific risk.

Implement Change Control

Most vulnerabilities are a result of inadequate management of change ” changes to source code, changes to system configuration, or changes in personnel. A controlled change-management procedure can help eliminate the mistakes and improve the likelihood that malicious changes will be caught.