Generally Accepted System Security Principles

Pervasive Principles

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


The pervasive principles specify the general approach information security should take to establish, maintain, and report on the security of systems in their charge. These principles also form the basis for other principles. The properties of integrity, availability, and confidentiality are the values that the principles, practices, procedures, et al. are attempting to attain, preserve, and monitor.

The pervasive principles are based largely on the work of the Organization for Economic Cooperation and Development (OECD). Its 24 member states include the U.S., Canada, Australia, and Japan. The OECD principles were modified and extended using works from the Authoritative Foundation,* GSSP committee review and comment, and comments gathered in the process of obtaining information security professional consensus.

*The Authoritative Foundation is a list of fundamental works on security compiled by the GSSP committee to support the development of GSSP. The list is available from ISSA.