Professional Documents
Culture Documents
1. Organization size
2. Security need
3. Organizational priority
How?
1. Monitoring
2. Enforce policy and compliance
3. Ensure regulatory compliance and audit
4. Risk assessment
5. Business supporting
6. Security solution testing and implementation
7. Security awareness
8. Security Incident handling
Note: The roles and responsibilities can be divided based
on the team strength and experience. Some of the
activities need technical skills and some need security
management skills. Tasks can be prioritized and done as
agreed.
• This principle says that the system should not trust the access
decisions it recovers from the system cache. This particular
security design principle says that there must be a mechanism
in the system that checks each access through the access
control mechanism.
4. Open Design
• As this would irritate the user ad user may disable this security
mechanism on the system. Therefore, it is suggested that the
security mechanism should introduce minimum hurdles to the
user of the system.
9. Isolation
• This security design principle is considered in three
circumstances. The first condition, the system that has critical
data, processes or resources must be isolated such that it
restricts public access. It can be done in two ways.
• So, this is all about the security design principles which should
be considered while designing the security mechanism for a
system.
Quiz 1 Prelim
Next meeting:
• System and Security Life Cycle
• Security Implementation Mechanism
- Gates, guard , guns; Cryptography
• Information Assurance analysis model