8 Fundamental Principles of Information Security

  1. Principle 4: Systems Owners Have Security Responsibilities Outside Their Own Organization
    Since an organization serves private and commercial users, it should provide security to systems accessed from the outside by users, and not only to its own employees.
  2. Principle 5: Computer Security Responsibilities and Accountability Should Be Made Explicit
    An organization should avoid hiding security incidents and should take responsibility for them, both to avoid loss of reputation from its customers and legal actions.
  3. Principle 6: Computer Security Requires a Comprehensive and Integrated Approach
    To maximize efficiency, all the business's systems and related departments must work in perfect harmony.
  4. Principle 7: Computer Security Should Be Periodically Reassessed
    Because technology changes rapidly, and because new flaws are discovered now and then, a company must re-think its security approaches from time to time and decide if any changes / updates should be applied.
  5. Principle 8: Computer Security is Constrained by Societal Factors
    E.g.: tracking geolocation for security purposes may be limited by privacy laws, which the company must respect.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.