One Article Review

Source NoticeBored
Identifier 5314595
Publication date 2022-06-22 09:36:12 (seen: 2022-06-21 22:06:06)
Title Infosec principles (Hinson tips)
Text Thinking about the principles underpinning information risk and security, here's a tidy little stack of "Hinson tips" - one-liners to set the old brain cells working this chilly mid-Winter morning:
- Address information confidentiality, integrity and availability, broadly
- Address internal and external threats, both deliberate and accidental/natural
- Celebrate security wins: they are rare and valuable
- Complete security is unattainable, an oxymoron
- Complexity is the arch-enemy of security: the devil's in the details
- Consider all stakeholders - users, administrators, maintainers and attackers
- Consider threats, vulnerabilities and impacts
- Controls modify or maintain risk
- Defence-in-depth layers complementary controls of different types
- Don't trust anything untrustworthy
- Ensure business continuity through resilience, recovery and contingency
- Even barely sufficient security is a business-enabler
- Excessive security is a business-impediment, more likely to be bypassed
- Exploiting information can be a good or a bad thing, depending on context
- Failure is a possibility, so fail-safe means fail-secure
- Focus on significant risks and the associated key controls
- General-purpose controls such as oversight and awareness bolster the rest
- Given practical limits to attainable security, residual risks are inevitable
- Good security isn't costly: it's valuable, good for business
- Identify, evaluate and treat risks systematically
- Information content is a valuable yet vulnerable asset
- Lack of control is neither threat nor vulnerability
- Offensive security is a viable approach, within reason
- People can be our greatest threats and our most valuable allies
- Reducing exposure reduces risk
- Residual (e.g. accepted, shared or unidentified) risks ar
Sent Yes
Tags Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.