Chapter 9

9. The Application of Cybersecurity: Principles and Practices

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”
- Bruce Schneier

As we have seen throughout this text, managing cybersecurity is complex. There are many facets that need to be understood including how cyberspace works, cyber adversaries and their tactics, cyber risk management, cryptography, and access control. Implementing cybersecurity takes all of this knowledge and more. It involves understanding the nature of the problem and the variety of possible solutions. It involves making shrewd choices and wise investments. It involves technology-based solutions as well as people, process, and facility-based solutions.

This chapter reviews basic principles of cybersecurity and then several best practices. In theory, every practice is rooted in a principle of cybersecurity. Principles are akin to rules of thumb and practices are specific actions that implement principles. Following sound principles and best practices leads to strong cybersecurity. This chapter outlines the top ten principles and several areas of best practices—it is this text’s most practical chapter in terms of implementing cybersecurity on the ground.

9.1 Cybersecurity Principles

“Effective people lead their lives and manage their relationships around principles; ineffective people attempt to manage their time around priorities and their tasks around goals.”
- Principle-Centered Leadership by Stephen Covey

Principles are high-level guidelines that inform daily priorities and decisions. Wise principles lead to good decisions and positive results. The converse is also true: faulty principles lead to poor results. It is not necessary to be able to trace specific causes-and-effects