jess LAND
       www.jessland.net
        Sponsored by:       
One eSecurity
www.one-esecurity.com
JISK Knowledgebase >>    About    News    Essentials    Architecture    FWs    IDS/IPS    Honeypots    Malware    Forensics   
  +  JSS Home    Projects    JSS Community    Events    News    Docs    About    Contact .

JISK > Essentials > Areas > Security Principles Essentials Section Map

Security Principles & Strategies

Content Leader: Jess Garcia - Last Updated: January 23, 2007


Security Parameters

  • Confidentiality
  • Integrity
  • Availability

Security Principles & Strategies

  • Principle of least privilege.
  • Defense in depth - Layered Security.
  • Limited Trust: Trust no-one, nothing.
  • “Know Yourself & Know Your Enemy”.
  • Security through obscurity.
  • Biodiversity.

Implementation

  • Identify critical/most exposed assets & put your efforts on defending them.
  • Mitigate Risk.
  • Defend from inside threats.
  • Review & Audit Policies, Processes & Technologies Periodically.
  • Plan for the worse and hope for the best.
  • Anything that makes security easier, probably creates a security flaw.
  • Good security is not characteristic of a product but of a deployment.

In the Real World

  • Nothing is secure.
  • Prevention is ideal but detection is a must.
  • Paranoia is your friend.
  • You can prove that a system is not secure; you just cannot prove that it is secure.
  • Security is a trade-off with usability.
  • Defenders have to "win" every single day; Attackers only have to win once.

The Human Factor

  • Educate Your Users.
  • Risk assumed by one is shared by all.
  • Never underestimate human stupidity.
  • Don’t forget about the Political Layer

Questions

  • How secure is secure enough?
  • "Sure, I'm paranoid, but am I paranoid enough?"

Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.