Page Comparison

Guiding Principles

Management Principles

1. Everyone has a responsibility to protect information and individuals are held accountable..
2. Information must not be stored without understanding and formally mitigating or accepting the risk.

Architecture Principles

1. Defense In Depth
2. Least Privilege Access
3. Network Segmentation
4. Segregation of Duties
5. Simplicity

Information Security and Privacy Policies

Information Security decision making is guided by documented policies.
See more: Information Security and Privacy Policies

Roles and Responsibilities

Information Security roles must be formally defined and individuals must be assigned to fulfill those roles.
See more: Roles and Responsibilities

Data Classification

Data must be formally inventoried and assigned a risk classification.
See more: Data Classification

Risk Management

The critical component to implenting information security is performing risk assessment on all information and infrastructure assets.
See more: Risk Management

Information Security

Information Security and Privacy Policies

Information Security Controls

Controls

Each risk classification has a baseline of controls for risk mitigation. These controls must be modified based on individual system risks.
See more: Information Security Controls