Contributor(s): The Pennsylvania State University CiteSeerX Archives
best security practices
security process framework
Abstract: "By nature, [humans] are nearly alike; by practice, they get to be wide apart." --Confucius, Analects.

Security technology is important to security, but the practices of the people who develop, integrate, evaluate, configure, maintain, and use that technology are more important; indeed, these practices are the foundation of technical (as well as physical and personnel) security. It is crucially important, therefore, that security practices be good ones; when feasible, best security practices (BSPs) should be used. In Section 2 this paper defines "BSP," asserts the need for multiple levels of goodness among BSPs, and connects the sharing of BSPs to Knowledge Management. Section 3 argues for the use of a security process framework (SPF) to categorize BSPs and describes an SPF that harmonizes three well-known collections of BSPs. Section 4 identifies six important phases, or functions, of the BSP life cycle–namely, identify, package, evaluate, adopt, deliver, and improve–and briefly discusses packaging (offering a format for BSPs) and evaluation (discussing some criteria for such evaluation). A summary concludes the paper.