The Information Security Practice Principles

High-level principles underlie a great deal of existing information security thinking and practice, but they have remained generally under-researched and unarticulated in favor of technical documents that are highly detailed and highly prescriptive, such as the NIST Risk Management Framework, CIS Critical Security Controls, ISO standards, or the HIPAA security rule. These documents may be loaded with great advice, but they are difficult to understand without the benefit of significant prior training, and do little to help someone learn to “think like a security practitioner” or to address novel, emergent situations. The Information Security Practice Principles seek to bridge this gap, providing a foundational mental model for information security problem-solving. The Principles can be used to teach new or non-practitioners, such as students and executives, about doing information security; they can help practitioners make decisions in novel situations, where an established best practice may not exist; and they can add validity and salience to existing, more-detailed statements of best practice.

iTM covers all aspects of cybersecurity, from home cyber security managed solutions to automated, managed threat intelligence, forensic investigations and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey.
