A user should only have the minimum level of access necessary to do their job. This limits the "blast radius" if an account is compromised.

5. The Aftermath: Incident Response
Encryption—the final line of defense that renders data unreadable even if it is stolen.

4. The Logic of Access Control
Identifying what assets you have, what threats they face, and how much you’re willing to spend to protect them.
The Invisible Shield: Decoding the Fundamentals of Information Systems Security
Guaranteeing that data is accurate and has not been tampered with. If a bank balance changes without a transaction, the integrity is blown.
The "law of the land" for an organization. This includes everything from password complexity to how a laptop should be stored.