Chapter 4: Protecting People, Information, and Systems with Timeless Best Practices
In the preceding chapters, we defined the problem of information security, examined the human side of cybersecurity, discussed what makes cybersecurity challenging, and analyzed the anatomy of an attack. All of those chapters defined problems. This chapter is about solutions. Fortunately, some timeless information security best practices are as relevant today as they were decades ago. Interestingly, these timeless best practices are also the ones that are routinely ignored in security programs. If these ideas are neither novel nor difficult to understand, why are they so often ignored? The ideas are simple, well known, and effective, but they are not easy to implement. These best practices are difficult, and the effort of implementing them grows far faster than the size of an organization. As a result, the companies that are most likely to be attacked are the least likely to have implemented these best...