Chapter 1
Understanding Core Security Principles
Every computer presents a certain level of risk. You can’t eliminate risk unless you simply never turn on the computer. However, you can manage risk. You start by understanding what risk is and that risk mitigation is accomplished by reducing vulnerabilities.
Several core security principles guide the protection of information technology (IT) systems and data. When you understand these core security principles, it’s easier to grasp the reasoning behind many security practices.
Most security principles can be traced back to the security triad (also called the AIC or CIA triad). The security triad mandates protection against the loss of confidentiality, the loss of integrity, ...