Infosec principles (Hinson tips)

News category: IT security news
Source: blog.noticebored.com


Thinking about the principles underpinning information risk and security, here's a tidy little stack of "Hinson tips" - one-liners to set the old brain cells working this chilly mid-Winter morning:

  • Address information confidentiality, integrity and availability, broadly
  • Address internal and external threats, both deliberate and accidental/natural
  • Celebrate security wins: they are rare and valuable
  • Complete security is unattainable, an oxymoron
  • Complexity is the arch-enemy of security: the devil's in the details
  • Consider all stakeholders - users, administrators, maintainers and attackers
  • Consider threats, vulnerabilities and impacts
  • Controls modify or maintain risk
  • Defence-in-depth layers complementary controls of different types
  • Don't trust anything untrustworthy
  • Ensure business continuity through resilience, recovery and contingency
  • Even barely sufficient security is a business-enabler
  • Excessive security is a business-impediment, more likely to be bypassed
  • Exploiting information can be a good or a bad thing, depending on context
  • Failure is a possibility, so fail-safe means fail-secure
  • Focus on significant risks and the associated key controls
  • General-purpose controls such as oversight and awareness bolster the rest
  • Given practical limits to attainable security, residual risks are inevitable
  • Good security isn't costly: it's valuable, good for business
  • Identify, evaluate and treat risks systematically
  • Information content is a valuable yet vulnerable asset
  • Lack of control is neither threat nor vulnerability
  • Offensive security is a viable approach, within reason
  • People can be our greatest threats and our most valuable allies
  • Reducing exposure reduces risk
  • Residual (e.g. accepted, shared or unidentified) risks are still risks
  • Risk management is inherently risky, prone to failure
  • Risk-aligned planning gives diminishing returns
  • Risks combine the probability of occurrence with consequences of incidents
  • Risk mitigation is not risk elimination
  • Security and risk are dynamic, so proactively maintain and improve security
  • Security and risk are inherently linked
  • Security can be an illusion
  • Security is a process, an outcome and a state of mind
  • Security maturity is the result of learning and improving
  • Security must be cost-effective to add value and so justify its existence
  • Stakeholder understanding and support is vital for long-term success
  • Systematically engineer security - build it up from solid foundations
  • Threats are anything, anyone or any situation with the potential to cause harm
  • Transparency and openness increase assurance, confidence and trust
  • Trust depends on supporting controls such as assurance
  • Unlike responsibility, accountability cannot be delegated or denied
  • Unmaintained, unloved, unused controls are unreliable, subject to entropy and decay
  • Vulnerabilities are inherent weaknesses

Most concern information risk and security in the general corporate/organisational context as opposed to being personal, national or cyber/IT-specific.

Some of them are quite similar or clearly related and could be combined - and I just know there are others worth adding to the list.

Some are phrased as guidance, others as concepts or definitions.

Some are trite, overladen, provocative comments that could usefully be expanded on for clarity and depth of meaning, perhaps with explanation, corollaries and illustrative examples.

All of them can be challenged with counter-examples and viable/credible alternatives.

My little list is deliberately pragmatic and realistic rather than academic or theoretical. The sequence could be improved upon, although I'm not sure what kind of conceptual structure would make most sense: more coffee required!


...


