You should care! Due care is the conduct expected of a reasonable person in a particular situation. If negligence is alleged, each juror (or, in our world, each auditor/tester) has to determine what was “reasonable” in the given situation. So train people to tell a good choice from a bad one.
Continually ensure that threats and vulnerabilities are known and acted upon.
- Assets are identified and protected.
- Controls are in-place.
- Regulations are followed and evaluated.
- Who did it?
- Do we have non-repudiation?
- What are the legal consequences?
- How shall we secure the systems?
- Who is accountable?
- Integrity and assurance
- Audit trails and logs
- Design, governance and policy
- RACI matrix
*Standards should include an [internal] Minimal Security Baseline (MSB), shaped by vendor best practices, external standards, directives, etc.
It’s alive! Welcome to the SEcurity Content COmmunity (SECCO), a place to share and comment on IT security related topics.
SECCO is the interactive section of the CIA³ site (pronounced: CIA cubed). CIA³ is a more modern version of the classical security concept known as the CIA triad: it extends the triad to cover Confidentiality, Integrity, Availability, Accountability, and Assurance.