Sunday, January 6, 2013

Approaches and Techniques to IT Security

Approaches include:
  • Defence in depth (overlapping controls are stronger)
  • Operational responsibilities (set clear expectations - see policies and procedures below)
  • Centralised security (to enable control - see physical protection)
  • Application controls (operating within an application)
  • Monitoring (detective control)
  • Personnel controls (preventative control)
  • User training (preventative control)
  • Segregation of duties (reducing risks of fraud or error)
I write about how to maximise each of them at the above links. Within the above approaches are a variety of more specific techniques or practices (some of which I cover in more detail).