(Security Design Principles)
1. Identity and Access management
Strong identity foundation
- Least privilege
- Separation of duties
- Centrally managed
- Reduce reliance on long-term credentials
2. Detective Controls
Traceability
- Monitor, alert & audit key activities in real time
- Monitor, alert & audit configuration changes in real time
- Automate responses to alarms
3. Infrastructure Protection
A. Layered Security
- Secure entire systems, not just the outer layers
- Apply Defense in depth
- Apply to all layers of the solution
B. Automate Security best practices
- Use software-based security mechanisms that are scalable
- Create secure architectures
- Use version-controlled configuration templates
4. Data Protection
Protect data
- Protect data both in transit and at rest
- Use data encryption and appropriate key management
- Reduce human access to data to reduce risk of loss or modification
- Audit data activities and define automated responses
5. Incident response
Prepare for Security events
- Design and test an incident management process
- Run incident response simulations
- Use tools and automation to respond to defined incidents