Michael Boelen edited this page Feb 4, 2016 · 2 revisions

Open Source Security Policy

CISOfy promotes the usage of open technologies. We are opening up our security policy to the public, for others to see how we protect our data. Although we suggest using parts of the policy, always consider whether something is in line with your type of organization and company goals.

Assumptions

  • Security is not a one-time effort; it is an iterative process striving for continuous improvement.

Principles

  • Deploying defenses in depth: Layer up security, so when one defense goes down, others will continue to work.
  • Use sane and secure defaults: document the defaults and explain why they have been chosen.
  • Too much security may hurt: don't overdo things, it could result in a
  • Don't blame users: share knowledge, provide safe defaults, and apply a fail-safe principle where possible.

Adversaries can be opportunistic or highly motivated. In any case, you want to protect what is valuable to your organization or to you personally.
