Top 10 Laws Of Security Essay


Abstract

It is very important to realize and understand the laws of security, by which all sectors in an enterprise or government can strengthen security within their perimeters. The better these laws are understood, the better the security implementation that results. These laws can be applied in any business field or business environment, and they can be implemented at any degree of simplicity or complexity. Therefore, it is important to understand the environment deeply before applying such laws, in order to meet the security goals set by the owners.

1 Introduction

It is proven that analysis of a system is the key factor for successful management. These systems are a collection of ...

For that reason, Bruce emphasizes this law in order to extend our view of security to cover managerial and administrative processes, so that they take their rightful place in enforcing and strengthening the level of security within the perimeter, placing part of the responsibility for security on managers and end users. This can be realized using Information Security Policies, Standards, Guidelines and Procedures, in addition to applying a suitable and effective level of awareness so that information assets are handled in a healthy way.

3 Second Law: Security is a must-to-have, not a better-to-have, decision

In the past, security was not mature enough to be considered essential, since the number of technology specialists was low and they were easily known. Therefore, most applications used minimal security measures, sometimes only optionally, in order to deal with the systems effectively and to keep performance high. Nowadays, technology provides us with high-performance machines that can overcome this obstacle. In addition, the number of “specialists” in security and technology keeps increasing as time goes on. This should raise security from “optionality” to “enforceability”. Number of hackers, whether they are white, black or gray. The more seriously management treats security, the higher the level of security that will be gained.

4 Third Law: Security is built from the Core, not on the Edge

As a complement to the second law, security should be applied step by step as we build the system, from requirements to analysis to design to implementation, up to the termination stage. Most security vendors apply their measures at the boundaries of the system, forgetting that the relations among information assets and the employees themselves are more dangerous. For example, applying security measures such as firewalls to a system while giving any employee the choice and capability to bypass or configure them will compromise security within the enterprise. Therefore, the separation of duties principle is important for determining the role of each employee, and the permissions that should be given to him, before the system is built.

5 Fourth Law: Understanding the business is the most crucial factor to a successful security level

Understanding the system simplifies the analysis of vulnerabilities and of the relevant threats that are able to exploit them. Moreover, understanding the system simplifies the way security is architected. The better the understanding of the system, the better the security design and implementation that can be realized. However, many environments are now studied by security experts in collaboration with system analysts, in order to understand and secure these environments correctly and from higher and more numerous points of view.

6 Fifth Law: Security awareness is the most cost-effective security measure

Surveys on security measures proved that security problems come from internal users. As a result, companies are reforming their view of security from being just technical to...
