8 Fundamental Principles of Information Security
The principles below were published back in 1966 by the National Institute of Standards and Technology (NIST) as part of "Special Publication 800-14". These fundamental expectations are valid and relevant even in today’s context:
- Principle 1: Computer Security Supports the Mission of an Organization
Without enforcing computer security, the organization will suffer damage from cyberattacks, which, in turn, undermines its goals and mission.
- Principle 2: Computer Security is an Integral Element of Sound Management
Securing the business against cyberattacks is a sign of strong organizational management. Ignoring computer security is a big mistake for an organization.
- Principle 3: Computer Security Should Be Cost-Effective
Every business has its own needs. It can't protect itself from all possible attacks, so it must decide which threats deserve the highest priority and address them within budget limits. The company should purchase a security system only if its benefits exceed, or at least equal, the costs of its purchase and implementation.