Page 180 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
- The result of the applied countermeasure should make the cost of an attack greater for the perpetrator than the derived benefit from an attack.
- The countermeasure should provide a solution to a real and identified problem. (Don’t install countermeasures just because they are available, are advertised, or sound cool.)
- The benefit of the countermeasure should not be dependent on its secrecy. This means that “security through obscurity” is not a viable countermeasure and that any viable countermeasure can withstand public disclosure and scrutiny.
- The benefit of the countermeasure should be testable and verifiable.
- The countermeasure should provide consistent and uniform protection across all users, systems, protocols, and so on.
- The countermeasure should have few or no dependencies to reduce cascade failures.
- The countermeasure should require minimal human intervention after initial deployment and configuration.
- The countermeasure should be tamperproof.
- The countermeasure should have overrides accessible to privileged operators only.
- The countermeasure should provide fail-safe and/or fail-secure options.
Keep in mind that security should be designed to support and enable business tasks and functions. Thus, countermeasures and safeguards need to be evaluated in the context of a business task.

Security controls, countermeasures, and safeguards can be implemented administratively, logically/technically, or physically. These three categories of security mechanisms should be implemented in a defense-in-depth manner in order to provide maximum benefit (Figure 2.6).

