8 Fundamental Principles of Information Security
- Principle 4: Systems Owners Have Security Responsibilities Outside Their Own Organization
Because an organization's systems are typically used by private and commercial users outside the organization, it must secure the systems those external users access, not only the ones used by its own employees, and must give those users the security information they need to use the systems safely.
- Principle 5: Computer Security Responsibilities and Accountability Should Be Made Explicit
It should be explicit who owns, operates, and uses each system and who is accountable for its security. Consistent with that, an organization should not conceal security incidents but should take responsibility for them, both to preserve the trust of its customers and to avoid legal action.
- Principle 6: Computer Security Requires a Comprehensive and Integrated Approach
Security is only effective when it is applied across all of the business's systems and coordinated among the departments that own and operate them; controls implemented in isolation leave gaps that an attacker can exploit.
- Principle 7: Computer Security Should Be Periodically Reassessed
Because technology changes rapidly and new flaws are discovered regularly, a company must periodically re-examine its security approach and decide whether changes or updates should be applied.
- Principle 8: Computer Security is Constrained by Societal Factors
For example, tracking users' geolocation for security purposes may be limited by privacy laws, which the company must respect even when the tracking would improve security.