Joe outlines 7 security principles: 1) Make copies of important files so they can be recovered if lost or corrupted. 2) Prevent security risks by taking basic precautions like access controls. 3) Detect changes in systems' normal behavior to identify potential breaches. 4) Have plans to deal with breaches when they occur and communicate effectively. 5) Educate users as they are often the weakest link; strengthen security culture. 6) Test systems and user knowledge to ensure readiness for breaches. 7) Aim to slow potential breaches to allow for detection and response since perfect security is impossible.

1. Joe’s 7 Security Principals

2. Make copies
We make copies so that if something is lost,
corrupted or changed we can recover it to a
known state. Business continuity, Disaster
recovery & Backup.

3. Prevent
Where we know of a security risk we use
proportionate means to prevent it. Do the
basics, but do them well. Know what you are
protecting and why.

4. Detected
Security is a constant evolutionary battle, we
must know what is normal in our systems and
investigate changes in behaviour, Include data
classification in this

5. Deal
A breach will occur at some time and at some
level, if we already know what to do and what
to say we can stop it becoming worse.

6. Educate
Security is only as strong as its weakest link, this
has always been proven to be people – by
education we make the system stronger.
“The People are
the Castle”.
Make a strong
security culture.

7. Test
We must test our systems to see if they work,
to see if people know what to do and to
update them where necessary, so they are
ready if a breach occurs.

8. Slow Down
Security is never absolute, we must assume
that a breach will occur so we look to slow
down that breach so it can be detected and
dealt with.